ã‚ã¾ã‚ŠçŸ¥ã‚‰ã‚Œã¦ã„ãªã„脆弱性:DOM Based XSSã«ã”用心|アークウェブã®ãƒ–ãƒã‚°ã“ã‚“ã«ã¡ã¯ã€SEã®é€²åœ°ã§ã™ã€‚ XSS(Cross Site Scripting)脆弱性ã®ä¸ã§ã‚ã¾ã‚Šæ³¨æ„を払ã‚ã‚Œã¦ã„ãªã„タイプã«DOM Based XSSã¨ã„ã†ã‚‚ã®ãŒã‚ã‚Šã¾ã™ã€‚アナウンス自体ã¯éšåˆ†ã¨æ˜”ã‹ã‚‰è¡Œã‚ã‚Œã¦ãŠã‚Šã€webappsec.orgã§ã‚‚2005/7/4ã«Amit Kleinæ°ãŒ"DOM Based Cross Site Scripting or XSS of the Third Kind"を発表ã—ã¦ã„ã¾ã™ã€‚ Web 2.0的アプリãªã©ã§ã®Ajaxã®æ™®åŠã§JavaScriptãŒå¤šç”¨ã•ã‚Œã‚‹ç¾åœ¨ã®Web開発ã§ã¯ã€DOM Based XSSãŒå…¥ã‚Šè¾¼ã‚€å¯èƒ½æ€§ã¯å¾“æ¥ã‚ˆã‚Šã‚‚高ã¾ã£ã¦ã„ã¾ã™ã€‚ãã“ã§ã€ä»Šå›žã¯ã“ã®DOM Based XSSã«ã¤ã„ã¦èª¬æ˜Žã—よã†ã¨æ€ã„ã¾ã™ã€‚ DOM Based XSSã¨ã¯ä½•ã‹ï¼Ÿ 一般的ã«XSS脆弱性ã¨èžã„ã¦æ€ã„æµ®ã‹ã¹ã‚‹ã®ã¯ã€æ”»æ’ƒè€…ã®æ‚ªæ„ã‚る入力データ(JavaScript
HTMLã§ã®è³ªå•ã§ã™ã€‚ ã‚ã‚‹æ–‡å—を太å—ã«ã—ã¦ã‚µã‚¤ã‚ºã‚’大ããã—ãŸã„å ´åˆã¯ <b> <font size> ã¨ã„ã£ãŸã‚¿ã‚°ã‚’使用ã—ã¾ã™ã€‚…
国政.net 衆院é¸|å‚院é¸ã®ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹
ãƒãƒ ã‚¹ã‚¿ãƒ¼é€Ÿå ±ã€€ï¼’ã‚ã 〜ããªã“ã‚‚ã¡ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒ«ã€œ ファミコンを知らãªã„å°ä¸å¦ç”ŸãŒã¾ã 急増ä¸ã€€orz
Site Under Maintenance
{{#tags}}- {{label}}
{{/tags}}