"Parse Me Baby One More Time: Bypassing HTML Sanitizers via Parsing Differentials" (PDF, 83 pages), shared on 三个皮匠报告.
#BHEU @BlackHatEvents

Parse Me Baby One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Speaker: David Klein, PhD Candidate
Research interests: Web Security, Privacy, Application Security

Slide 1: About Me

Slide 2: Cross Site Scripting (XSS)
Client-side:
    document.write(location.hash);
Server-side:
    <?php echo $_GET['name']; ?>
Build annotations on the two snippets: "User Input" (location.hash, $_GET['name']) and "Reflection" (document.write, echo).
Such code patterns are everywhere!

Slide 3: Everywhere?

Slide 4: Detecting XSS?
Client-side: dynamic taint tracking! A taint browser: Project Foxhound.
Server-side: less clear. SAST? DAST? Linter?

Slide 5: Sanitization to Prevent XSS?
- Simply remove or change dangerous parts from the input.
- Allow formatting tags to pass through, but remove everything dangerous. E.g., (example markup not preserved in this extraction)
- This is called sanitization.
Definition: Sanitizer
- A function taking arbitrary input and returning a safe value.
- The output shall resemble the input, i.e., preserve benign parts.

Re