XSS例題
alert(1)を実行ã•ã›ã¦ãã ã•ã„。ãŸã ã—ã€ãƒªãƒ³ã‚¯å…ˆã®ã‚µãƒ¼ãƒã¸ã®ç´°å·¥ã¯ä¸€åˆ‡å‡ºæ¥ãªã„ã‚‚ã®ã¨ã—ã¾ã™ï¼ˆjavascriptスã‚ームã¸ã®ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã¨ã‹ã¯ç¦æ¢ã¨ã„ã†ã“ã¨ã§ï¼‰ã€‚
Execute alert(1), but you can not customize server linked from IMG element (for example, redirection to "javascript:" scheme is not allowed).
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>XSS challange ( execute alert())</title> <script type="text/javascript"> var w = null; function isValidUrl(url) { var l = url.length; if (l==0) return false; for (var i=0; i < l; i++) { var c = url.charAt(i); if (c <= " ") return false; if (c == "<") return false; if (c == ">") return false; if (c == "\"") return false; if (c == "'") return false; if (c == "&") return false; if (c == ":") return false; if (c == "?") return false; if (c == "+") return false; if (c == "%") return false; } if ((l >=2) && (url.charAt(0)=="/") && (url.charAt(1)=="/")) { return false; } return true; } function addImg(w, url) { try { w.resizeTo(200,200); if (!isValidUrl(url)) return; w.document.write("<img src=\""); w.document.write(encodeURI(url)); w.document.write("\">"); } catch (e) {/*resizeTo may throw exception */} } function exec() { if (!w) { w = window.open(); w.document.write("<html><head>"); w.document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">"); w.document.write("<title>target<\/title><\/head>\n<body>\n"); } addImg(w, document.getElementById("i1").value); } function finish() {if (w) {w.document.close();}} //Bug fix (!w) to (w), thanks to id:hasegawayosuke </script> </head> <body> <form> <input type="text" id="i1" value=""> <input type="button" onclick="exec()" value="ADD IMG"> <input type="button" onclick="finish()" value="finish"> </form> </body> </html>
Linuxã§ã¯XSSã‚’å¯èƒ½ã«ã™ã‚‹æ–‡å—ãŒå…¥åŠ›ã§ããªã„ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“(On Linux, it may be impossible to input character to enable XSS. )
