{"html":"","version":"1.0","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/T/ThisIsOne/20220502/20220502220013.png","blog_title":"Shikata Ga Nai","type":"rich","url":"https://cysec148.hatenablog.com/entry/2022/05/02/221024","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","categories":["Bug Bounty"],"author_name":"ThisIsOne","provider_url":"https://hatena.blog","published":"2022-05-02 22:10:24","blog_url":"https://cysec148.hatenablog.com/","provider_name":"Hatena Blog","height":"190","width":"100%","title":"Stealing User Information Via XSS Via Parameter Pollution\u3092\u8a33\u3057\u3066\u307f\u305f","description":"Hello there, ('\u03c9')\u30ce \u30d1\u30e9\u30e1\u30fc\u30bf\u6c5a\u67d3\u3092\u4ecb\u3057\u3066XSS\u3092\u4ecb\u3057\u3066\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u76d7\u3080\u3092\u3002 \u8106\u5f31\u6027\uff1a \u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8 XSS \u8a18\u4e8b\uff1a https://levelup.gitconnected.com/stealing-user-information-via-xss-via-parameter-pollution-7d99b3379e7d \u4eca\u56de\u306f\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u304b\u3089\u59cb\u3081\u3066\u3001\u4e00\u9023\u306ejavascript\u30d5\u30a1\u30a4\u30eb\u3092\u30ec\u30d3\u30e5\u30fc\u3057\u3002 \u6700\u7d42\u7684\u306b\u3001\u958b\u767a\u8005\u304c\u30b5\u30fc\u30d0\u3067\u306f\u306a\u304f\u7279\u5b9a\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3057\u305f\u5f8c\u306b\u3002 \u30e6\u30fc\u30b6\u3092\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3059\u308b\u3053\u3068\u3092\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u8a31\u53ef\u3057\u305f\u305f\u3081\u3002 Open Redirect\u2026"}