Hacker101 ~XSS and Authorization
今回は、HackerOneにあるHacker101を使って、どのような脆弱性があるか学びます。
今更ですが。。。
- Introduction
- The Web In Depth
- XSS and Authorization <-今日はこれ
- SQL Injection and Friends
- Session Fixation
- Clickjacking
- File Inclusion Bugs
- File Upload Bugs
- Null Termination Bugs
- Unchecked Redirects
- Password Storage
- Crypto series
- Threat Modeling
- Writing Good Reports
- Burp Suite series
- Secure Architecture Review
- Server-Side Request Forgery
- Source Code Review
- XML External Entities
- Cookie Tampering Techniques
- Mobile App Hacking series
- Native Code Crash Course
◇種類
・Reflected XSS
・Stored XSS
・DOM XSS
◇Sampe:
"><h1>test</h1>
'+alert(1)+'
"onmouseover="alert(1)
http://"onmouseover="alert(1)
以上