
[Lab 12] [XSS] Reflected XSS with some SVG markup allowed


Reflected XSS with some SVG markup allowed

Overview

Use Burp Suite's Intruder to brute-force which HTML tags and event attributes the WAF allows.

Attack steps

  • In the search form, check whether XSS triggers with a typical attack string
  • Use Intruder to brute-force which HTML tags and event attributes the WAF allows

Countermeasures

  • Strictly control which HTML tags and event attributes are permitted
  • Strengthen sanitization
  • Restrict script execution with CSP (Content Security Policy)
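The three countermeasures above as an added Python example, not code from the original article or the lab. The reflected search term is HTML-encoded instead of filtered, and where limited markup must be accepted an allowlist parser re-emits every non-allowlisted tag (svg included) as inert text and drops all attributes, so event handlers never survive; the allowed tag set, the CSP string and the sample inputs are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed allowlist: a WAF blocklist guesses which tags are dangerous,
# an allowlist only has to know which few tags are safe. No svg, no script.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
VOID_TAGS = {"br"}


class AllowlistSanitizer(HTMLParser):
    """Keep allowlisted tags without attributes; escape everything else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Dropping every attribute also drops any on* event handler.
            self.out.append(f"<{tag}>")
        else:
            # Unknown tag (svg, animatetransform, ...) becomes visible text.
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))
    # Comments, doctype and processing instructions are silently dropped.


def sanitize(fragment: str) -> str:
    """Allowlist-sanitize a fragment that must keep some formatting."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def render_search_result(term: str) -> str:
    """A search echo needs no markup at all: encode, do not filter."""
    return f"<p>You searched for: {html.escape(term)}</p>"


def csp_header() -> str:
    """Without 'unsafe-inline', inline on* handlers are blocked as a backstop."""
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'"
```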