{"id":479274,"date":"2023-08-09T10:32:55","date_gmt":"2023-08-09T10:32:55","guid":{"rendered":""},"modified":"2023-09-05T11:18:30","modified_gmt":"2023-09-05T11:18:30","slug":"template-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/template-injection\/","title":{"rendered":"Template injection"},"content":{"rendered":"<p>Template injection is a cybersecurity vulnerability that can seriously affect web applications, especially those that use server-side template engines. This vulnerability occurs when user input is not properly validated and is embedded directly into a template, allowing an attacker to insert malicious code into the template rendering process. When template injection is exploited, it can lead to various attacks, including data exfiltration, code execution, and privilege escalation.<\/p>\n
<h2>The origin of template injection and the history of its first mention<\/h2>\n<p>Template injection vulnerabilities have existed since the early days of web application development, when template engines became popular as a way to separate the presentation layer from application logic. The concept of template injection was first introduced in the mid-2000s, when security researchers identified this threat in various web frameworks.<\/p>\n
<h2>Detailed information about template injection. Expanding the topic of template injection<\/h2>\n<p>Template injection is a type of code injection attack that targets the template engine of a web application. When a web application uses templates to generate dynamic content, it typically relies on variables that are replaced with user-supplied data during the rendering process. In template injection, an attacker manipulates these variables to insert their own code into the template, which is then executed by the server-side template engine.<\/p>\n<p>The main reasons template injection occurs are insufficient input validation and improper handling of user-generated content. When developers do not sanitize user input before using it in a template, attackers gain an opportunity to insert malicious code. The consequences of a successful template injection range from information disclosure to full server compromise.<\/p>\n
<h2>The internal structure of template injection. How template injection works<\/h2>\n<p>Template injection attacks exploit the underlying mechanism of the template engine used by a web application. Most template engines use a specific syntax or delimiters to identify variables that must be replaced with user-generated content. When developers allow unchecked user input within these variables, an attacker can break out of the variable's context and insert their own template code.<\/p>\n<p>For example, a common template syntax such as \"{{variable}}\" can be vulnerable to template injection if \"variable\" is directly influenced by user input. An attacker can enter something like \"{{user_input}}\", which, if not properly validated, can lead to the execution of malicious code.<\/p>\n
<h2>Analysis of the key features of template injection<\/h2>\n<p>The key features of template injection are as follows:<\/p>\n<ol>\n<li>\n<p><strong>Context escape<\/strong>: Template engines operate within specific contexts, and a successful template injection lets the attacker break out of these contexts and access the underlying template engine environment.<\/p>\n<\/li>\n<li>\n<p><strong>Server-side impact<\/strong>: Template injection is a server-side vulnerability, and the attack occurs on the server hosting the web application. This differs from client-side attacks such as cross-site scripting (XSS).<\/p>\n<\/li>\n<li>\n<p><strong>Code execution<\/strong>: By exploiting template injection, an attacker may execute arbitrary code on the server, leading to server compromise.<\/p>\n<\/li>\n<li>\n<p><strong>Data exfiltration<\/strong>: Template injection can also facilitate data exfiltration, with sensitive information from the server's environment leaking to the attacker.<\/p>\n<\/li>\n<\/ol>\n
<h2>Types of template injection<\/h2>\n<p>Template injection appears in various forms, depending on the template engine and the context in which it occurs. Common types of template injection include the following:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>String interpolation<\/td>\n<td>In this type, user-supplied input is inserted directly into the template without validation.<\/td>\n<\/tr>\n<tr>\n<td>Code evaluation<\/td>\n<td>The attacker exploits the vulnerability to run code within the template, leading to code execution.<\/td>\n<\/tr>\n<tr>\n<td>Command injection<\/td>\n<td>Template injection is used to inject commands into the server's operating system for execution.<\/td>\n<\/tr>\n<tr>\n<td>Template manipulation<\/td>\n<td>The attacker modifies the template structure itself to disrupt rendering and execute malicious code.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
<h2>Ways template injection is used, problems associated with its use, and their solutions<\/h2>\n<h3>Ways template injection is used:<\/h3>\n<ol>\n<li>\n<p><strong>Defacement<\/strong>: An attacker can use template injection to insert malicious content into a template and deface the website.<\/p>\n<\/li>\n<li>\n<p><strong>Data exfiltration<\/strong>: Template injection facilitates data exfiltration, giving the attacker access to sensitive data.<\/p>\n<\/li>\n<li>\n<p><strong>Remote code execution<\/strong>: By inserting malicious code, an attacker can achieve remote code execution and take control of the server.<\/p>\n<\/li>\n<\/ol>\n<h3>Problems and their solutions:<\/h3>\n<ol>\n<li>\n<p><strong>Insufficient input validation<\/strong>: Proper input validation is essential to prevent template injection. Developers must validate and sanitize user input before using it in templates.<\/p>\n<\/li>\n<li>\n<p><strong>Secure template engine configuration<\/strong>: The template engine must be configured securely so that access to sensitive functions and variables is restricted.<\/p>\n<\/li>\n<li>\n<p><strong>Contextual escaping<\/strong>: To prevent injection attacks, ensure that user-supplied content is escaped according to its context.<\/p>\n<\/li>\n<li>\n<p><strong>Content Security Policy (CSP)<\/strong>: Implement a CSP that mitigates the impact of template injection by restricting the sources of executable scripts.<\/p>\n<\/li>\n<\/ol>\n
<h2>Main characteristics and comparison with similar terms<\/h2>\n<h3>Template injection and cross-site scripting (XSS):<\/h3>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>Template injection<\/th>\n<th>Cross-site scripting (XSS)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Attack target<\/td>\n<td>Server-side web applications<\/td>\n<td>Client-side web applications<\/td>\n<\/tr>\n<tr>\n<td>Injection point<\/td>\n<td>Templates<\/td>\n<td>User input, form fields, URL parameters, etc.<\/td>\n<\/tr>\n<tr>\n<td>Vulnerability type<\/td>\n<td>Server-side code injection<\/td>\n<td>Client-side code injection<\/td>\n<\/tr>\n<tr>\n<td>Impact<\/td>\n<td>Server compromise, data theft, code execution.<\/td>\n<td>Cookie theft, session hijacking, defacement, etc.<\/td>\n<\/tr>\n<tr>\n<td>Remediation complexity<\/td>\n<td>Medium<\/td>\n<td>Varies depending on the context and the type of vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
<h2>Future perspectives and technologies related to template injection<\/h2>\n<p>The future of template injection revolves around improved security measures and better practices in web application development. The following technologies and approaches may play a role in mitigating the risk of template injection:<\/p>\n<ol>\n<li>\n<p><strong>Security automation<\/strong>: Enhanced security automation tools help identify and prevent template injection vulnerabilities during the development process.<\/p>\n<\/li>\n<li>\n<p><strong>Static code analysis<\/strong>: Integrating static code analysis into the development workflow helps identify vulnerable code patterns related to template injection.<\/p>\n<\/li>\n<li>\n<p><strong>Machine learning for input validation<\/strong>: Machine learning algorithms assist with dynamic input validation, reducing the risk of template injection.<\/p>\n<\/li>\n<li>\n<p><strong>Runtime Application Self-Protection (RASP)<\/strong>: RASP solutions can provide an additional layer of security by monitoring for and defending against template injection attacks in real time.<\/p>\n<\/li>\n<\/ol>\n
<h2>How proxy servers can be used or associated with template injection<\/h2>\n<p>Proxy servers can indirectly affect template injection attacks by acting as intermediaries between clients and web application servers. Proxy servers can be used for the following purposes:<\/p>\n<ol>\n<li>\n<p><strong>Traffic logging and inspection<\/strong>: Proxy servers can log incoming requests and responses, allowing security teams to identify potential template injection attempts.<\/p>\n<\/li>\n<li>\n<p><strong>Implementing Content Security Policy (CSP)<\/strong>: Proxy servers can apply CSP rules that block or filter malicious content, including potential template injection payloads.<\/p>\n<\/li>\n<li>\n<p><strong>Traffic filtering<\/strong>: Proxy servers can be configured to filter incoming traffic for malicious patterns commonly associated with template injection attacks.<\/p>\n<\/li>\n<\/ol>\n
<h2>Related links<\/h2>\n<p>For more information about template injection and web application security, see the following resources:<\/p>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/Server_Side_Template_Injection\" target=\"_new\" rel=\"noopener nofollow\">OWASP: Server-Side Template Injection<\/a><\/li>\n<li><a href=\"https:\/\/portswigger.net\/web-security\/template-injection\" target=\"_new\" rel=\"noopener nofollow\">Template Injection on PortSwigger Web Security Academy<\/a><\/li>\n<li><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\" target=\"_new\" rel=\"noopener nofollow\">MDN Web Docs: Web Security<\/a><\/li>\n<\/ul>","protected":false},"featured_media":479275,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-479274","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Template Injection: An In-Depth Analysis<\/mark>","faq_items":[{"question":"What is Template injection?","answer":"<p>Template injection is a cybersecurity vulnerability that occurs when user input is not properly validated and is directly embedded into templates of web applications. 
This allows attackers to inject malicious code into the template rendering process, leading to various attacks like data exfiltration, code execution, and privilege escalation.<\/p>"},{"question":"How did Template injection originate?","answer":"<p>Template injection vulnerabilities have been around since the early days of web application development when templating engines became popular. Security researchers first mentioned the concept of template injection in the mid-2000s when identifying this threat in various web frameworks.<\/p>"},{"question":"How does Template injection work?","answer":"<p>Template injection attacks exploit the mechanics of the templating engine used by the web application. Attackers manipulate user-supplied input within variables, enabling them to inject their own template code, which is then executed by the server-side templating engine.<\/p>"},{"question":"What are the key features of Template injection?","answer":"<p>Key features of template injection include context escaping, server-side impact, code execution, and data exfiltration. Successful template injection allows attackers to break out of contexts and execute arbitrary code on the server.<\/p>"},{"question":"What types of Template injection exist?","answer":"<p>There are several types of template injection, including string interpolation, code evaluation, command injection, and template manipulation. Each type varies based on the templating engine and the context in which it occurs.<\/p>"},{"question":"How can Template injection be used, and what are the associated problems and solutions?","answer":"<p>Template injection can be exploited for defacement, data exfiltration, and remote code execution. Problems arise due to insufficient input validation and insecure templating engine configurations. 
Solutions include proper input validation, secure templating engine settings, contextual escaping, and Content Security Policies (CSP).<\/p>"},{"question":"How does Template injection compare to Cross-Site Scripting (XSS)?","answer":"<p>Template injection and Cross-Site Scripting (XSS) differ in their attack targets, injection points, vulnerability types, and impacts. Template injection affects server-side applications, while XSS targets client-side applications.<\/p>"},{"question":"What are the future perspectives and technologies related to Template injection?","answer":"<p>The future of template injection involves improved security automation, static code analysis, machine learning for input validation, and Runtime Application Self-Protection (RASP) solutions.<\/p>"},{"question":"How can proxy servers be associated with Template injection?","answer":"<p>Proxy servers indirectly impact template injection by logging and inspecting traffic, implementing Content Security Policies (CSP), and filtering incoming traffic for potential attacks.<\/p>"},{"question":"Where can I find more information about Template injection and web application security?","answer":"<p>For more details about Template injection and web application security, consider exploring the resources provided below:<\/p><ul><li>OWASP: Server-Side Template Injection (<a href=\"https:\/\/owasp.org\/www-community\/attacks\/Server_Side_Template_Injection\" target=\"_new\">https:\/\/owasp.org\/www-community\/attacks\/Server_Side_Template_Injection<\/a>)<\/li><li>Template Injection on PortSwigger Web Security Academy (<a href=\"https:\/\/portswigger.net\/web-security\/template-injection\" target=\"_new\">https:\/\/portswigger.net\/web-security\/template-injection<\/a>)<\/li><li>MDN Web Docs: Web Security (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\" 
target=\"_new\">https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security<\/a>)<\/li><\/ul>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/479274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/479274\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/479275"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=479274"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}