Movatterモバイル変換

Uploaded bytakesako

PPT, PDF4,716 views

HTML Binary Hacks & GIF89a Ployglot

http://conferences.yapcasia.org/ya2008/talk/1299

Technology◦Entertainment & Humor◦

Downloaded 45 times

HTML Binary Hacks - GIF89a Polyglot - Cybozu Labs, Inc. TAKESAKO <takesako@shibuya.pm.prg>

I’ll show you, HTML 2.0 hacks.

1.0 HTML Browser Detection

HTML Quiz <img src=”1.gif” src=”2.gif”> (1) 1.gif (2) 2.gif (3) N/A Answers. Q1. What will you see? (on your browser)

$Q2. What’s this? <img /src = ”1.gif” ”” src{\x00} = ”2.gif” ’ src{\x0c} = ”3.gif” src = ”4.gif” /> (1) 1.gif (2) 2.gif (3) 3.gif (4) 4.gif Answers. -> ie -> Safari -> firefox -> others$

$print<<EOF; <img /src \x00 ="ie.gif" /''src \x00 ="firefox1_5.gif" /''src="firefox2_0.gif" /""src="gecko_others.gif" "s \x00 rc="safari2.gif" "src="safari3.gif" ""src="konqueror.gif" src \x00 ="w3m.gif" src \x0c ="opera.gif" src="others.gif" src="lynx.gif" /> EOF$

http://wafful.org Demo

It can detect “Konqueror”, “Safari2” !

No JavaScript & No CSS hacks

lynx

w3m

Mozilla/5.0 (PLAYSTATION 3; 1.00)  others.gif

1.0 The End

2.0 GIF89a Polyglot

Animation GIF image Yappoc.gif

どう見ても Yappo です本当にありがとうございました（ｒｙ

Polyglot DEMO HTML/CSS & JS & Perl & GIF89a

$JavaScript in GIF GIF89a( q /*....../);sub GIF89a{print "Hello Perl!"} __END__#*/ =1 );function GIF89a(){alert("Hello JavaScrpt!")} /*<body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1><img src=?> <script src=# language=JavaScript></script></div> */ // ;$

$HTML/CSS in GIF GIF89a(q/*....../);sub GIF89a{print "Hello Perl!"} __END__#*/=1);function GIF89a(){alert("Hello JavaScrpt!")} /* <body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1>  <img src=?> <script src=# language=JavaScript></script> </div> */// ;$

$Perl in GIF GIF89a(q /*....../ );sub GIF89a{print "Hello Perl!"} __END__ #*/=1);function GIF89a(){alert("Hello JavaScrpt!")} /*<body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1><img src=?> <script src=# language=JavaScript></script></div> */// ;$

Demo

Thank you

Recommended

PDF

SENI MADONSELA CV

bysibongiseni madonsela

DOC

Abdul Malik Omar cv

byThunda Empire malik Bright

PDF

UP academic Record

byRiaan Oberholster

PDF

Medhufushi Island Resort Experience Certificate

DOCX

TEBOGO MONYELA CV

bytebogo monyela

PDF

CURRICULUM VITAE OF

byMandisa S Dlamini

DOCX

Diploma in civil engineering with 31 years experience both in project & main...

byNirmal Chatterjee

DOCX

Ma. Sarah Guevarra (Resume)QA (Autosaved) copy

bySarah Guevarra

PDF

Provisional Certificate

PDF

Trade Certificate (2)

byMornay Rossouw

PDF

Recommendation letter for Joseph Pirrone_Hakob_UMD Professor

byJoseph Pirrone

PDF

Recommendation Letter Prof Miller

byPauline Bressy

PDF

Letters of recomendation

PDF

Reference Letter Executive Chef

byNirajan Chaulagain

DOC

A CV of DR. Engr. Md. Mamunur Rashid

byMamunur Rashid Center

DOC

A.Nassir CV new

byAbdinassir Hussein

DOCX

unofficial transcript

byJordyn Eckersley

DOC

Miss N P Dlamini CV (UpdatedCV2016) (1) (1)

byNomaswazi Dlamini

PDF

Recommendation Letter 1

PDF

Degree and student copys

byGetahun Mengistu

PDF

Transcripts of Grades in Masters- NTNU

PDF

Degree course complition letter

bySaidy Lca M.N.

DOCX

BAFFOUR CV

byPaul Baffour Asare

PDF

MEng (Hons) Degree Certificate

byEngr. Mohd Kamal Haziq Kamaruzaman

PDF

letter of recommendation

byjennifer montanez

DOCX

CURRICULUM VITAE Nozipho

byNozipho Mcedwana

DOCX

CV

byPhakama Mngangwa

DOCX

Yasin Ahmmed's Resume

PDF

Polyglot payloads in practice by avlidienbrunn at HackPra

byMathias Karlsson

PDF

Security Automation using ZAP

byVaibhav Gupta

More Related Content

PDF

SENI MADONSELA CV

bysibongiseni madonsela

DOC

Abdul Malik Omar cv

byThunda Empire malik Bright

PDF

UP academic Record

byRiaan Oberholster

PDF

Medhufushi Island Resort Experience Certificate

DOCX

TEBOGO MONYELA CV

bytebogo monyela

PDF

CURRICULUM VITAE OF

byMandisa S Dlamini

DOCX

Diploma in civil engineering with 31 years experience both in project & main...

byNirmal Chatterjee

DOCX

Ma. Sarah Guevarra (Resume)QA (Autosaved) copy

bySarah Guevarra

SENI MADONSELA CV

bysibongiseni madonsela

Abdul Malik Omar cv

byThunda Empire malik Bright

UP academic Record

byRiaan Oberholster

Medhufushi Island Resort Experience Certificate

TEBOGO MONYELA CV

bytebogo monyela

CURRICULUM VITAE OF

byMandisa S Dlamini

Diploma in civil engineering with 31 years experience both in project & main...

byNirmal Chatterjee

Ma. Sarah Guevarra (Resume)QA (Autosaved) copy

bySarah Guevarra

What's hot

PDF

Provisional Certificate

PDF

Trade Certificate (2)

byMornay Rossouw

PDF

Recommendation letter for Joseph Pirrone_Hakob_UMD Professor

byJoseph Pirrone

PDF

Recommendation Letter Prof Miller

byPauline Bressy

PDF

Letters of recomendation

PDF

Reference Letter Executive Chef

byNirajan Chaulagain

DOC

A CV of DR. Engr. Md. Mamunur Rashid

byMamunur Rashid Center

DOC

A.Nassir CV new

byAbdinassir Hussein

DOCX

unofficial transcript

byJordyn Eckersley

DOC

Miss N P Dlamini CV (UpdatedCV2016) (1) (1)

byNomaswazi Dlamini

PDF

Recommendation Letter 1

PDF

Degree and student copys

byGetahun Mengistu

PDF

Transcripts of Grades in Masters- NTNU

PDF

Degree course complition letter

bySaidy Lca M.N.

DOCX

BAFFOUR CV

byPaul Baffour Asare

PDF

MEng (Hons) Degree Certificate

byEngr. Mohd Kamal Haziq Kamaruzaman

PDF

letter of recommendation

byjennifer montanez

DOCX

CURRICULUM VITAE Nozipho

byNozipho Mcedwana

DOCX

CV

byPhakama Mngangwa

DOCX

Yasin Ahmmed's Resume

Provisional Certificate

Trade Certificate (2)

byMornay Rossouw

Recommendation letter for Joseph Pirrone_Hakob_UMD Professor

byJoseph Pirrone

Recommendation Letter Prof Miller

byPauline Bressy

Letters of recomendation

Reference Letter Executive Chef

byNirajan Chaulagain

A CV of DR. Engr. Md. Mamunur Rashid

byMamunur Rashid Center

A.Nassir CV new

byAbdinassir Hussein

unofficial transcript

byJordyn Eckersley

Miss N P Dlamini CV (UpdatedCV2016) (1) (1)

byNomaswazi Dlamini

Recommendation Letter 1

Degree and student copys

byGetahun Mengistu

Transcripts of Grades in Masters- NTNU

Degree course complition letter

bySaidy Lca M.N.

BAFFOUR CV

byPaul Baffour Asare

MEng (Hons) Degree Certificate

byEngr. Mohd Kamal Haziq Kamaruzaman

letter of recommendation

byjennifer montanez

CURRICULUM VITAE Nozipho

byNozipho Mcedwana

CV

byPhakama Mngangwa

Yasin Ahmmed's Resume

Viewers also liked

PDF

Polyglot payloads in practice by avlidienbrunn at HackPra

byMathias Karlsson

PDF

Security Automation using ZAP

byVaibhav Gupta

PPTX

Application Security Vulnerabilities: OWASP Top 10 -2007

byVaibhav Gupta

PPT

OAuth 2.0 & Security Considerations

byVaibhav Gupta

PPTX

Application Security Risk Rating

byVaibhav Gupta

PDF

HTML5 for Security Folks

byVaibhav Gupta

Polyglot payloads in practice by avlidienbrunn at HackPra

byMathias Karlsson

Security Automation using ZAP

byVaibhav Gupta

Application Security Vulnerabilities: OWASP Top 10 -2007

byVaibhav Gupta

OAuth 2.0 & Security Considerations

byVaibhav Gupta

Application Security Risk Rating

byVaibhav Gupta

HTML5 for Security Folks

byVaibhav Gupta

More from takesako

PPT

Shibuyajs Digest

PPT

HTML2.0 - digg - OSC2007-fall

PPT

Shibuya.pm#8 - ImageFight - HTML 2.0 New Browser Detection

PPTX

Node.js - JavaScript Thread Programming

PPTX

x86x64 SSE4.2 POPCNT

PPTX

Node.js - sleep sort algorithm

PPT

GIF89a Oldtype

PDF

That Goes Without Alpha-Num (or Does It ?) all your base10 are belong to us

PDF

SECCON CTF セキュリティ競技会コンテスト開催について

PPTX

再帰的正規表現JSON Validator

PDF

Perl6 Regex Programming with Rakudo

PDF

Acme::MineChan LT demo

PDF

正規表現‐もう一つのバベルの塔‐木村浩一

PPT

Shibuyajs24 JavaScript.GIF x LiveConnect

PDF

Devsumi2010 Ecmascript5 (ISO/IEC JTC1/SC22)

PDF

Acme minechan

PDF

Devsumi2008 - YAPC::Asia 2008 Tokyo

PDF

Perl x86 JIT Programming

PPT

YAPC::Asia 2008 Closing Ceremony

Shibuyajs Digest

HTML2.0 - digg - OSC2007-fall

Shibuya.pm#8 - ImageFight - HTML 2.0 New Browser Detection

Node.js - JavaScript Thread Programming

x86x64 SSE4.2 POPCNT

Node.js - sleep sort algorithm

GIF89a Oldtype

That Goes Without Alpha-Num (or Does It ?) all your base10 are belong to us

SECCON CTF セキュリティ競技会コンテスト開催について

再帰的正規表現JSON Validator

Perl6 Regex Programming with Rakudo

Acme::MineChan LT demo

正規表現‐もう一つのバベルの塔‐木村浩一

Shibuyajs24 JavaScript.GIF x LiveConnect

Devsumi2010 Ecmascript5 (ISO/IEC JTC1/SC22)

Acme minechan

Devsumi2008 - YAPC::Asia 2008 Tokyo

Perl x86 JIT Programming

YAPC::Asia 2008 Closing Ceremony

HTML Binary Hacks & GIF89a Ployglot

1.
HTML Binary Hacks- GIF89a Polyglot - Cybozu Labs, Inc. TAKESAKO <takesako@shibuya.pm.prg>
2.
I’ll show you, HTML 2.0 hacks.
3.
1.0 HTML BrowserDetection
4.
HTML Quiz <imgsrc=”1.gif” src=”2.gif”> (1) 1.gif (2) 2.gif (3) N/A Answers. Q1. What will you see? (on your browser)
5.
Q2. What’s this?<img /src = ”1.gif” ”” src{\x00} = ”2.gif” ’ src{\x0c} = ”3.gif” src = ”4.gif” /> (1) 1.gif (2) 2.gif (3) 3.gif (4) 4.gif Answers. -> ie -> Safari -> firefox -> others
6.

7.
print<<EOF; <img /src\x00 ="ie.gif" /''src \x00 ="firefox1_5.gif" /''src="firefox2_0.gif" /""src="gecko_others.gif" "s \x00 rc="safari2.gif" "src="safari3.gif" ""src="konqueror.gif" src \x00 ="w3m.gif" src \x0c ="opera.gif" src="others.gif" src="lynx.gif" /> EOF
8.
http://wafful.org Demo
9.
10.
It can detect“Konqueror”, “Safari2” !
11.
No JavaScript &No CSS hacks
12.
lynx
13.
w3m
14.
Mozilla/5.0 (PLAYSTATION 3;1.00)  others.gif
15.

16.
1.0 The End
17.
2.0 GIF89a Polyglot
18.
Animation GIF image Yappoc.gif
19.
どう見ても Yappo です本当にありがとうございました（ｒｙ
20.
Polyglot DEMO HTML/CSS& JS & Perl & GIF89a
21.
JavaScript in GIFGIF89a( q /*....../);sub GIF89a{print "Hello Perl!"} __END__#*/ =1 );function GIF89a(){alert("Hello JavaScrpt!")} /*<body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1><img src=?> <script src=# language=JavaScript></script></div> */ // ;
22.
HTML/CSS in GIFGIF89a(q/*....../);sub GIF89a{print "Hello Perl!"} __END__#*/=1);function GIF89a(){alert("Hello JavaScrpt!")} /* <body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1>  <img src=?> <script src=# language=JavaScript></script> </div> */// ;
23.
Perl in GIFGIF89a(q /*....../ );sub GIF89a{print "Hello Perl!"} __END__ #*/=1);function GIF89a(){alert("Hello JavaScrpt!")} /*<body style=visibility:hidden> <div style=position:relative;visibility:visible> <h1>Hello HTML!</h1><img src=?> <script src=# language=JavaScript></script></div> */// ;
24.
Demo
25.
26.
27.
Thank you

[8]ページ先頭

©2009-2025 Movatter.jp