PEAK XOOPS - Re: anti-XSS system (4)

Top > Comments >News comment >Re: anti-XSS system (4)

Re: anti-XSS system (4)

Target	News
Subject	anti-XSS system (4)
Summary	This is the last chapter of BigUmbrella.The code in (3) has two points should be argued.- Is the check pattern OK?preg_match( '/[<\'"].{15}/s' , $val , $regs )<img src="(REQUEST)" /><a href="(REQUEST)">If this pattern exists, it is not enough.Because "...

List posts in the topic

Re: anti-XSS system (4)

msg# 1.1.1.1

depth:: 3

Previous post - Next post | Parent - No child | Posted on 2006/7/14 15:03

GIJOE

Posts: 4110

Quote:

Quote:
¤ä¤Ï¤ê³°Éô¤«¤é¤Î¡ÖHTMLµö²Ä¡×¤Ï¤¢¤êÆÀ¤Ê¤¤ÀßÄê¤Ç¤¹¤Í¡£
¤½¤¦¤Ê¤ó¤Ç¤¹¤è¤Í¡£HTML¥¿¥°¤¢¤ê¤Î¥×¥ì¥Ó¥å¡¼µ¡Ç½¤¬¤¤¤«¤ËÆñ¤·¤¤¤«¡¦¡¦¡¦¡£º£¤Î¤È¤³¤í¡¢»ä¤Ï¼«Ê¬¤¬Ç¼ÆÀ¤Ç¤¤ëÈÏ°Ï¤Ç¤Î²ò·èÊýË¡¤¬¸«¤Ä¤±¤é¤ì¤Æ¤Ê¤¤¤Ç¤¹¡£

¡ÖHTML¥¿¥°¤¢¤ê¤Î¥×¥ì¥Ó¥å¡¼¡×¤Ï¡¢XSS¤ÎÊý¤Ç¤¹¤Í¡£
¤³¤ì¤À¤È¡¢BigUmbrella¤â¸ú¤«¤Ê¤¤¤Ç¤¹¤·¡£

¤¿¤À¡¢µ»ö¤Ë¤â½ñ¤¤Þ¤·¤¿¤¬¡¢¤³¤ÎHTML¥×¥ì¥Ó¥å¡¼°Ê³°¤Ï¤¹¤Ù¤ÆBigUmbrella¤ÇXSS¤òÉõ¤¸¹þ¤á¤ë»ö¤¬¤Ç¤¤ë¤Î¤Ç¡¢¤¢¤È¤Ï¡¢HTML¥×¥ì¥Ó¥å¡¼¤Ë¥Á¥±¥Ã¥È¤Ê¤ê¥ê¥Õ¥¡¥é¡¼¥Á¥§¥Ã¥¯¤Ê¤ê¤òËä¤á¹þ¤á¤ÐOK¤¸¤ã¤Ê¤¤¤«¤ÈÆ§¤ó¤Ç¤Þ¤¹¡£

Quote:

Quote:
¾µÇ§À©¤Ç¤â»ö¼Â¾å°ÕÌ£¤Î¤Ê¤¤¥±¡¼¥¹¤¬Â¿¤¯¸«¤é¤ì¤Þ¤¹¤·¡£
´ÉÍý¼Ô¤ËCSRF¹¶·â¤ò»Å³Ý¤±¤é¤ì¤ë¤À¤±¤Ç¤¹¤«¤é¤Í¡£

»ä¤¬½ñ¤¤¤¿¤Î¤Ï¡¢¾µÇ§À©¤Î¥Á¥§¥Ã¥¯¤Ë¤ª¤¤¤Æ¡¢ScriptInsertion¤¬À®Î©¤·¤Æ¤¤¤ë¤â¤Î¤¬Â¿¤¤¡¢¤È¤¤¤¦°ÕÌ£¤À¤Ã¤¿¤Î¤Ç¤¹¤¬¡¢tohokuaiki¤µ¤ó¤Î¤ª¤Ã¤·¤ã¤ëÄÌ¤ê¡¢¾µÇ§¹Ô°Ù¤½¤Î¤â¤Î¤ò¡¢ÊÌÅÓXSS+CSRF¤Ç¶¯À©¤¹¤ë¡¢¤Ê¤ó¤Æ¼ê¤Ï¤¢¤ê¤Þ¤¹¤Í¡£

¤¿¤À¸å¼Ô¤Ï¡¢BigUmbrella¤ÇËÉ¤²¤ë¤È¤Ï»×¤¤¤Þ¤¹¤¬¡¢¤º¤Ã¤È¥Ù¥¿¡¼¤ÊÂÐºö¤È¤·¤Æ¡¢´ÉÍý¼Ô¾µÇ§¤Ëcapcha¤òÆ³Æþ¤¹¤ë¤·¤«¡ª

Votes:1 Average:0.00

Posts tree

Re: anti-XSS system (4) (tohokuaiki, 2006/7/13 12:32)
- Re: anti-XSS system (4) (GIJOE, 2006/7/13 17:57)
  - Re: anti-XSS system (4) (tohokuaiki, 2006/7/13 18:47)
    - Re: anti-XSS system (4) (GIJOE, 2006/7/14 15:03)

Lost Password?

Register now!