• Home

  • Documents

  • CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa
51
バグハンター の愉しみ Masato Kinugawa たの

CODE BLUE 2014 : バグハンターの愉しみ by キヌガワマサト Masato Kinugawa

Embed Size (px)

Citation preview

  1. 1. MasatoKinugawa
  2. 2. MasatoKinugawa () XSS
  3. 3. BountyProgram
  4. 4. BugBounty
  5. 5. 27135346
  6. 6. 27135346 (8)
  7. 7. !2010Google !
  8. 8. !GoogleVulnerabilityRewardProgram !1=$100~20,000 $130,803.7 127(/191)
  9. 9. UPUP!$
  10. 10.
  11. 11. ! ! ! !
  12. 12. !Google !$5,000()
  13. 13. https://accounts.google.com/example?oe=utf-32 HTTP/1.1200OK Alternate-Protocol:443:quic,p=0.01 Cache-Control:private,max-age=0 Content-Encoding:gzip Content-Type:text/html;charset=UTF-32 ... !URL !UTF-32
  14. 14. scriptalert(1)/script
  15. 15.
  16. 16. 0000220000003E0000003C00 000000730000006300000072 000000690000007000000074 00003E00000000610000006C 000000650000007200000074 000000280000003100000029 00003C000000002F00000073 000000630000007200000069 000000700000007400003E00 s c r i p t a l e r t ( 1 ) / s c r i p t UTF-3241
  17. 17. IEUTF-32 0000220000003E0000003C00 000000730000006300000072 000000690000007000000074 00003E00000000610000006C 000000650000007200000074 000000280000003100000029 00003C000000002F00000073 000000630000007200000069 000000700000007400003E00 s c r i p t a l e r t ( 1 ) / s c r i p t
  18. 18. http://l0.cm/encodings/table/
  19. 19. IE( s c r i p t > a l e r t ( 1 ) / s c r i p t >
  20. 20. / 1 1 1 1 1 11 11 11 1 1 11 11 11 111 11 11 11 1 1 11 1 1 1 1 1
  21. 21. !28.7% !87%IE
  22. 22. ! !IE Web
  23. 23. location.hrefJavaScript URL1 http://example.com/ http://example.com/ location.href
  24. 24. http://evil%[email protected]/ location.href http://evil/@example.com/ @URL URL
  25. 25. location.href @
  26. 26. http://evil%[email protected]/
  27. 27. ! !RSSfeed://URL !URL@ ! XSS(^o^)/
  28. 28. feed://URL (=)
  29. 29. XSS XSS
  30. 30.
  31. 31. feed://l0.cm%2Fcb.rss%[email protected]/
  32. 32. feed://l0.cm%2Fcb.rss%[email protected]/ alert('CODEBLUE2n'+ document.domain+'')
  33. 33. !/ ! http://masatokinugawa.l0.cm/
  34. 34. ! ! !XSS6
  35. 35. ! 22009 ! !XSS6 2009
  36. 36. 2009 2010
  37. 37. : Google
  38. 38. ! !
  39. 39. ! ! ! ! !
  40. 40. 1
  41. 41. ()
  42. 42.
  43. 43. @kinugawamasato masatokinugawa[at]gmail.com Contact

Toyo Ito and masato Araya's Experiments in the Structural Use of

Toyo Ito and masato Araya's Experiments in the Structural Use of

Documents
ADB - Masato Miyachi

ADB - Masato Miyachi

Documents
Masato Yamanaka (Saitama University) collaborators Shigeki Matsumoto Joe Sato Masato Senami arXiv:0705.0934 [hep-ph]Phys.Lett.B647:466-471 and Relic abundance

Masato Yamanaka (Saitama University) collaborators Shigeki Matsumoto Joe Sato Masato Senami arXiv:0705.0934 [hep-ph]Phys.Lett.B647:466-471 and Relic abundance

Documents
Kinugawa Masters Swim Team Hy-Tek's MEET MANAGER Page 1 ... · Kinugawa Masters Swim Team Hy-Tek's MEET MANAGER Page 1 VIII CAMPEONATO PAULISTA-25metros - 17-05-2003 to 18-05-2003

Kinugawa Masters Swim Team Hy-Tek's MEET MANAGER Page 1 ... · Kinugawa Masters Swim Team Hy-Tek's MEET MANAGER Page 1 VIII CAMPEONATO PAULISTA-25metros - 17-05-2003 to 18-05-2003

Documents
Bull. Volcano 39 (1994) No. 2 pp. 49-67 Masato IGUCHI*

Bull. Volcano 39 (1994) No. 2 pp. 49-67 Masato IGUCHI*

Documents
*Address for manuscript correspondence: Masato Okada, PhD ...Mar 09, 2011  · *Address for manuscript correspondence: Masato Okada, PhD., Department of Oncogene Research, Research

*Address for manuscript correspondence: Masato Okada, PhD ...Mar 09, 2011  · *Address for manuscript correspondence: Masato Okada, PhD., Department of Oncogene Research, Research

Documents
Masato Shiozawa (UTokyo) - ハイパーカミオカンデ · Japan-based neutrino program Masato Shiozawa (UTokyo) Super-K talk by Y.Suzuki, K2K/T2K talk T.Nakaya, T2K talk by A.Izmaylov,

Masato Shiozawa (UTokyo) - ハイパーカミオカンデ · Japan-based neutrino program Masato Shiozawa (UTokyo) Super-K talk by Y.Suzuki, K2K/T2K talk T.Nakaya, T2K talk by A.Izmaylov,

Documents
Kanto Buffet-Kinugawa-Nikko Onsen Stay (2018Jan-Mar) · hk$1,650 hk$2,160 hk$2,520 c 雙人房(twin) ... p.2/7 ac100(p.p) / extn50(p.p) / kbp+kinugawa-nikko hotel stay .

Kanto Buffet-Kinugawa-Nikko Onsen Stay (2018Jan-Mar) · hk$1,650 hk$2,160 hk$2,520 c 雙人房(twin) ... p.2/7 ac100(p.p) / extn50(p.p) / kbp+kinugawa-nikko hotel stay .

Documents
【 愉閱龍門 】 科普悅讀社

【 愉閱龍門 】 科普悅讀社

Documents
オペラの愉しみ(3)pmfvharmony.sakura.ne.jp › opera3.pdfオペラの愉しみ(3) 2011・0888 9、1988年 メトロポリタン・オペラメトロポリタン・オペラ公演

オペラの愉しみ(3)pmfvharmony.sakura.ne.jp › opera3.pdfオペラの愉しみ(3) 2011・0888 9、1988年 メトロポリタン・オペラメトロポリタン・オペラ公演

Documents
祝 大 家 学 习 愉 快

祝 大 家 学 习 愉 快

Documents
Ling Chia Wang (student) and Masato R. Nakamura (advisor)

Ling Chia Wang (student) and Masato R. Nakamura (advisor)

Documents
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015

XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015

Software
Série de Stages avec Masato Matsuura

Série de Stages avec Masato Matsuura

Documents
Masato Hirota

Masato Hirota

Documents
Tesis Elaboracion Masato

Tesis Elaboracion Masato

Documents
Masato Tanakasb70e2f41a0ef99a9.jimcontent.com/download/version/1459302971/... · 1 Masato Tanaka's formation ... I・3Masato Tanaka met Kazuo It oga at Ohmi ... li shed a book in

Masato Tanakasb70e2f41a0ef99a9.jimcontent.com/download/version/1459302971/... · 1 Masato Tanaka's formation ... I・3Masato Tanaka met Kazuo It oga at Ohmi ... li shed a book in

Documents
Masato ito

Masato ito

Business
SAKURA IN TOHOKU (NORTHEASTERN) (NIKKO-KINUGAWA … · เรียนแต่งสีตุ๊กตาวัวแดง “อะคาเบะโคะ” – อุระบันได

SAKURA IN TOHOKU (NORTHEASTERN) (NIKKO-KINUGAWA … · เรียนแต่งสีตุ๊กตาวัวแดง “อะคาเบะโคะ” – อุระบันได

Documents
CODE BLUE 2014 : Joy of a bug hunter by Masato Kinugawa

CODE BLUE 2014 : Joy of a bug hunter by Masato Kinugawa

Career
Masato Yamanaka (Saitama University)

Masato Yamanaka (Saitama University)

Documents
Masato Yamanaka (Tokyo university, ICRR) Collaborators Shigeki Matsumoto Joe Sato Masato Senami PHYSICAL REVIEW D 80, 056006 (2009)

Masato Yamanaka (Tokyo university, ICRR) Collaborators Shigeki Matsumoto Joe Sato Masato Senami PHYSICAL REVIEW D 80, 056006 (2009)

Documents
Mathematics for Industry 29 Tsuyoshi Takagi Masato Wakayama … · 2017. 7. 26. · Mathematics for Industry 29 Tsuyoshi Takagi Masato Wakayama Keisuke Tanaka Noboru Kunihiro Kazufumi

Mathematics for Industry 29 Tsuyoshi Takagi Masato Wakayama … · 2017. 7. 26. · Mathematics for Industry 29 Tsuyoshi Takagi Masato Wakayama Keisuke Tanaka Noboru Kunihiro Kazufumi

Documents
Can Women Save Japan?; by Chad Steinberg and Masato Nakane

Can Women Save Japan?; by Chad Steinberg and Masato Nakane

Documents
Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 5.0 - … · Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 5.0 - 4:46 PM 25/10/2015 Pagina 2 VIII TORNEIO TIMÃO DE NATAÇÃO-TR.MARIO

Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 5.0 - … · Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 5.0 - 4:46 PM 25/10/2015 Pagina 2 VIII TORNEIO TIMÃO DE NATAÇÃO-TR.MARIO

Documents
XSSフィルターを利用したXSS攻撃 by Masato Kinugawa

XSSフィルターを利用したXSS攻撃 by Masato Kinugawa

Software
Masato Hayashi & Izumi Nagatani Japan Aerospace Exploration … · 2019. 10. 21. · Masato Hayashi & Izumi Nagatani Japan Aerospace Exploration Agency (JAXA) ICA- AXA orest E rly

Masato Hayashi & Izumi Nagatani Japan Aerospace Exploration … · 2019. 10. 21. · Masato Hayashi & Izumi Nagatani Japan Aerospace Exploration Agency (JAXA) ICA- AXA orest E rly

Documents
Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 3.0 - 0 ... · Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 3.0 - 0:51 AM 26/03/2011 Page 1 XV Circuito Paulista de Masters de

Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 3.0 - 0 ... · Kinugawa Masters Swim Team HY-TEK's MEET MANAGER 3.0 - 0:51 AM 26/03/2011 Page 1 XV Circuito Paulista de Masters de

Documents
Amazònia , masato o petroli

Amazònia , masato o petroli

Documents
Life cycle greenhouse gas emission of wooden guardrails: a study … · 2017. 8. 25. · Ryu Noda noda.ryu.008@m.kyushu-u.ac.jp Masato Yamanouchi yamanochi-masato@pref.nagano.lg.jp

Life cycle greenhouse gas emission of wooden guardrails: a study … · 2017. 8. 25. · Ryu Noda [email protected] Masato Yamanouchi [email protected]

Documents