Namazu-devel-ja($B5l(B)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Namazu v2.0.7 $B$K%/%m%9%5%$%H%9(B$B%/%j%W%F%#%s%0@H

From: "TAKAGI, Hiromitsu" <takagi.hiromitsu@xxxxxxxxxx>
Date: Sun, 25 Nov 2001 19:03:46 +0900
X-ml-name: namazu-devel-ja
X-mail-count: 02114

Namazu Project $B%;%-%e%j%F%#$4C4EvMM!'(B
(B
$B;d$I$b;:6H5;=QAm9g8&5f=j$N%;%-%e%j%F%#@He$NLdBjE@$,B8:_$7$F$$$k$H?d;!$5$l$^$7$?$N$G!"$3$N$3$H$K$D(B
$B$$$F5;=QE*$J4QE@$+$i$*CN$i$;$$$?$7$^$9!#(B
(B
(B
$B"#LdBjE@(B
(B========
(B
(BNamazu$B$r(BCGI$B$H$7$FMxMQ$9$k!V(Bnamazu.cgi$B!W$K$O!"(BHTML$B$rF0E*$K@8@.$9$k:]$K(B
$B%a%?%-%c%i%/%?$NE,@Z$J%(%9%1!<%W=hM}$rBU$C$F$$$k8D=j$,;DB8$7$F$$$^$9!#(B
(B
$B6qBNE*$K$O!"8!:w7k2L$N2hLL$NKvHx$K8=$l$k!V%Z%$%8(B: [1]$B!W$NItJ,$G!"%Q%i(B
$B%a%?!V(Blang$B!W$H$7$FM?$($i$l$?J8;zNs$r=PNO$9$k8D=j$G$9!#(B
(B
$B8!>Zhttp://www.namazu.org/cgi-bin/namazu.cgi?query=test&whence=1&lang="><S>test</S>&idxname=www.namazu.org.ja
(B
$B$=$N7k2L$r?^(B1$B$K<($7$^$9!#Lp0u$,;X$9ItJ,$G!"M?$($?J8;zNs!V(B<S>test</S>$B!W(B
$B$N!V(B<S>$B!W$,(BHTML$B%?%0$H$7$F%V%i%&%6$K2rhttp://SecurIT.etl.go.jp/confidential/cross-site-scripting/namazu/fig/fig-1.gif
(B
$B$^$?!"B>$N8!>ZNc$H$7$F2<$N(BURL$B$K%"%/%;%9$7$F$_$F$/$@$5$$!#(B
(B
(B  http://www.namazu.org/cgi-bin/namazu.cgi?query=test&whence=1&lang="><SCRIPT>alert(document.domain)</SCRIPT>&idxname=www.namazu.org.ja
(B
$B%"%i!<%H%\%C%/%9$,8=$l!"%9%/%j%W%H$,Z$7$F$_$?$H$3$m!"(Bv2.0.7$B$G$bF1$88=>]$,3NG'$5$l$^(B
$B$7$?!#(B
(B
(B
$B"#6<0R(B
(B======
(B
(Bcookie$B$rH/9T$7$F$$$k%5%$%H$,!"F1$8%I%a%$%s>e$G(Bnamazu.cgi$B$r1?MQ$9$k$H!"(B
$B$3$N@Hl9g$K$O!"(Bcookie$B$rEp$^$l$k$3$H$G(B
$B%;%C%7%g%s$r>h$CpJs$,O31L$9$k$J$I$N7k2L$r>7$/>l9g(B
$B$,$"$j$^$9!#(B
(B
$B%/%m%9%5%$%H%9%/%j%W%F%#%s%0@H\:Y$K$D$$$F!";29MJ8(B
$B8%(B[1][2][3][4]$B$J$I$r$4;2>H$/$@$5$$!#(B
(B
(B
$B"#2~A10F(B
(B========
(B
$BLdBj$N@8$8$?8D=j$O!"(B
(B
(B   <a href="....&lang=XXXX&....">
(B
$B$N!V(BXXXX$B!W$NItJ,$K$"$j$^$7$?!#0lHL$K!"!V(B"$B!W$G3g$kItJ,$KJ8;zNs$rA^F~$7(B
$B$F=PNO$9$k>l9g$K$O!"$=$NJ8L.$G$OJ8;z!V(B"$B!W$O%a%?%-%c%i%/%?$J$N$G$"$j!"(B
$B!V(B&quot;$B!W$J$I$K%(%9%1!<%W$9$kI,MW$,$"$j$^$9!#(B
(B
$B%a%?%-%c%i%/%?$N%(%9%1!<%WO3$l$O!";W$o$L$H$3$m$K;DB8$7$F$$$k$b$N$G$9!#(B
$BI,MW:G>.8B$NJQ?t$KBP$7$F%(%9%1!<%W%U%#%k%?$rDL$9$H$$$&BP:vJ}K!$h$j$b!"(B
$B$9$Y$F$NJ8;zNs=PNO=hM}!J%?%0%G%j%_%?$d0zMQId$=$N$b$N$r=PNO$7$?$$>l9g$r(B
$B=|$/!K$K$*$$$F%(%9%1!<%W%U%#%k%?$rDL$9$h$&5-=R$9$k$N$,3N&http://securit.etl.go.jp/research/paper/css2001-takagi-dist.pdf
(B
(B[2] $B>pJs=hM}?66=;v6H6(2q%;%-%e%j%F%#%;%s%?!<(B $B6[5^BP:v>pJs(B
(B    Web$B%5%$%H$K$*$1$k%/%m%9%5%$%H(B $B%9%/%j%W%F%#%s%0@HpJs(B
(B    http://www.ipa.go.jp/security/ciadr/20011023css.html
(B
(B[3] CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client
(B    Web Requests
(B    http://www.cert.org/advisories/CA-2000-02.html
(B
(B[4] Microsoft: Information on Cross-Site Scripting Security
(B    Vulnerability 
(B    http://www.microsoft.com/technet/security/crssite.asp
(B
(B
$B0J>e!#(B
(B--
$B9bLZ(B $B9@8w!wFHN)9T@/K!?M;:6H5;=QAm9g8&5f=j(B
(Bhttp://staff.aist.go.jp/takagi.hiromitsu/
(B
$B")(B305-8568 $B0q>k8)$D$/$P;TG_1`(B1-1-1$BCf1{Bh(B2
$BFHN)9T@/K!?M(B $B;:6H5;=QAm9g8&5f=j(B
$B>pJs=hM}8&5fItLg(B $B%O%$%(%s%I>pJs5;=Q%0%k!<%W(B 
$B%$%s%?!<%M%C%H%"%W%j%1!<%7%g%s%;%-%e%j%F%#@Hhttp://SecurIT.etl.go.jp/

Follow-Ups:

Prev by Date: Re: ja_JP.SJIS.po
Next by Date: Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j(B$B%W%F%#%s%0@H

Previous by thread: Re: ja_JP.SJIS.po
Next by thread: Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j(B$B%W%F%#%s%0@H

Index(es):
- Date
- Thread

Namazu-devel-ja($B5l(B)

Namazu-devel-ja($B5l(B)