[No. 13][XSS] Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Overview

The server backslash-escapes a literal single quote (and HTML-encodes angle brackets and double quotes), so a ' typed directly cannot close the string literal inside the onclick handler. Instead, submit the HTML entity &apos;: the filter leaves it untouched, and the browser's HTML parser decodes it to ' in the attribute value before the JavaScript engine ever runs it, which terminates the string and lets the appended JavaScript execute as stored XSS.

Attack steps

  • In the comment form, submit a test value containing quotes, angle brackets and a backslash, then inspect the rendered comment: angle brackets and double quotes come back as HTML entities, single quotes and backslashes come back with a backslash in front, and & is passed through unchanged.
  • Put the HTML entity &apos; in the field that is reflected into the onclick handler to close the existing string literal, append the JavaScript to execute, and keep the rest of the handler syntactically valid; the stored comment then runs it whenever the link is clicked.

Countermeasures

  • Strengthen output encoding for the JavaScript-in-attribute context: JavaScript-escape the value (\xHH or \uXXXX) before HTML-attribute-encoding it, and encode & as well, so that no entity can be decoded back into a quote; better still, keep user data out of inline event handlers altogether.
  • Restrict script execution with a Content Security Policy: a script-src without 'unsafe-inline' (or 'unsafe-hashes') blocks inline onclick handlers, so the injected code cannot run even if it reaches the page.
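The attack steps and the first countermeasure above, worked through in code as an added example (this is not the lab's real source and not code from the original post). It models the lab's server-side filter and an onclick template as the title describes them, replays the two browser stages (attribute decoding, then JavaScript parsing) to show why a literal quote is contained while &apos; is not, and shows a hardened encoder. The functions labEscape, renderAuthorLink, the tracker.track template and the example.test URLs are assumptions constructed for the demonstration.

```javascript
// Added example, not code from the original post or from the lab itself.
// Assumptions: labEscape() and renderAuthorLink() model the lab's server-side
// behaviour as the title describes it; the onclick template and the
// example.test URLs are constructed sample data.

// Assumed server-side filter: < > " become entities, ' and \ get a backslash.
// What it does NOT touch is '&', so entity text such as &apos; passes through.
function labEscape(input) {
  return input
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/\\/g, '\\\\')
    .replace(/'/g, "\\'");
}

// Assumed template: the commenter's website is dropped into a JS string literal
// inside an inline onclick handler.
function renderAuthorLink(website) {
  const v = labEscape(website);
  return `<a href="${v}" onclick="tracker.track('${v}');">author</a>`;
}

// Browser step 1: the HTML parser decodes character references in the
// attribute value before the JS engine ever sees it. Minimal decoder for the
// named and numeric references needed here; unknown names are left as text.
function decodeHtmlAttribute(value) {
  const named = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&' };
  return value.replace(/&(#x([0-9a-f]+)|#(\d+)|(\w+));/gi, (m, _, hex, dec, name) => {
    if (hex) return String.fromCodePoint(parseInt(hex, 16));
    if (dec) return String.fromCodePoint(parseInt(dec, 10));
    return name in named ? named[name] : m;
  });
}

// Browser step 2: the decoded attribute value is JavaScript source.
function onclickSource(html) {
  const m = html.match(/onclick="([^"]*)"/);
  return m ? decodeHtmlAttribute(m[1]) : '';
}

// Scan the first single-quoted JS string literal (honouring backslash escapes)
// and report what code follows its closing quote. The template intends the
// trailing code to be exactly ");" and nothing else.
function stringBreakout(js) {
  const start = js.indexOf("'");
  let i = start + 1;
  while (i < js.length && js[i] !== "'") {
    if (js[i] === '\\') i++; // escaped character: never terminates the literal
    i++;
  }
  const trailing = js.slice(i + 1);
  return { literal: js.slice(start + 1, i), trailing, contained: trailing === ');' };
}

// Plain HTML attribute encoding, '&' included.
function htmlAttrEncode(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Hardened encoder (added here, not the lab's fix): JS-escape every character
// outside [A-Za-z0-9] as \uXXXX (one escape per UTF-16 unit), then HTML-encode.
// After the first step only letters, digits and backslashes remain, so no
// character reference can survive to be decoded into a quote by the HTML parser.
function jsThenHtmlEncode(input) {
  const js = input.replace(/[^A-Za-z0-9]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
  return htmlAttrEncode(js);
}

// Same template with context-appropriate encoding per attribute
// (URL scheme validation for href is out of scope here).
function renderAuthorLinkHardened(website) {
  return `<a href="${htmlAttrEncode(website)}" onclick="tracker.track('${jsThenHtmlEncode(website)}');">author</a>`;
}

// Constructed payloads: the first carries a literal quote and is neutralised by
// the backslash; the second carries the quote as &apos; and is not.
const LITERAL_QUOTE_PAYLOAD = "http://example.test/'-alert(1)-'";
const ENTITY_PAYLOAD = 'http://example.test/?&apos;-alert(1)-&apos;';

for (const [label, render, payload] of [
  ['literal quote, lab filter', renderAuthorLink, LITERAL_QUOTE_PAYLOAD],
  ['&apos;, lab filter', renderAuthorLink, ENTITY_PAYLOAD],
  ['&apos;, hardened encoder', renderAuthorLinkHardened, ENTITY_PAYLOAD],
]) {
  const r = stringBreakout(onclickSource(render(payload)));
  console.log(`${label}: contained=${r.contained} trailing=${JSON.stringify(r.trailing)}`);
}
```

With the lab filter, the second payload leaves `-alert(1)-'');` outside the string literal: the HTML parser turned `&apos;` into `'` and the filter never saw a quote to escape. Encoding `&` alone would already block this particular payload, but the JS-escape-then-HTML-encode order is what makes the handler safe regardless of which entity or quote style the attacker tries.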