47
38

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

Qiitaの脆弱性を見つけた話

Last updated at Posted at 2015-07-07

XSS脆弱性を利用して勝手にストックされる記事を投稿しところ、当然ながら運営に限定公開にされました。

SnapCrab_NoName_2015-7-7_18-35-2_No-00.png

修正のコミット
https://github.com/increments/qiita-markdown/commit/f8165300b443e549ea8dc70c321da5ffe9cbf296?diff=split

発見の流れ

  • マークダウンのタグにclassが指定できた
  • BootStrapのコンポーネントが使えた
  • Tooltipコンポーネントにscriptタグを埋め込んだ

最後に

Qiitaにも脆弱性報酬金制度が欲しいですね。

47
38
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
47
38

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?