Before we get started I have started a slack group dedicated to hacking. We welcome everyone from beginner to advanced to join. I will be on everyday answer questions, doing CTFs, and talking about cool hacks. If you enjoy hacking and are looking for like minded people join below:
NEW Hacking Group Slack Channel
Scalable Vector Graphics(SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation.
The below code is an example of a basic SVG file that will show a picture of a rectangle:
<svg width="400" height="110"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> </svg>
Another thing to note is that SVG files can be treated as images in HTML. This means you can place a SVG file in a image tag and it will render perfectly:
<img src="rectangle.svg" alt="Rectangle" height="42" width="42">
If a website loads a SVG file with an XSS payload it will get executed. This is often over looked by developers and attackers alike. An example SVG file with an alert XSS payload can be found below:
One easy way to test for this vulnerability is to upload a SVG file as your profile picture as shown in the below burp requests:
Notice the content type is set to :
Once the image is uploaded you just need to find out what path it was uploaded to. This can easily be done by right clicking the image and selecting “copy image address” , if your using google chrome. If everything worked when you view the image your payload will execute. You just got stored XSS via a SVG file.
XSS is everywhere and almost every one is looking for it when doing bug bounties or a penetration test. Sometimes the SVG file gets over looked by the developers. If this happens you can attempt to upload a SVG file as your profile picture or something else and when you view this file your XSS payload will execute.
8 thoughts on “XSS SVG”
hey, the payload will get reflect the client-side how it will impact the server.
It’s very easy to find out any topic on net as compared to
books, as I found this piece of writing at this web site.
Saveԁ as a favoгite, I like уour website!
Hi, I desire to subscribe for this website to get newest
updates, therefore where can i do it please help out.
I always drop a link on twitter and my slack channel whenever I create a new blog:
Glad you enjoy the content great stuff coming in the future 🙂
Thanks for this post, I am a big fan of this site would like to keep updated.
Thanks for some other wonderful article. The place else could anybody get that type of information in such an ideal manner of writing?
I’ve a presentation subsequent week, and I’m on the search for such information.
Hello, I’m contacting you to ask if you’re looking for a better link indexer. We just have left the beta test phase (GSA forum) and the feedback is excellent. As you know the old references in the field are less effective since several Google updates. This is not our case.
Our service is the best for Google but also index Bing and Yandex. Our formulas are all unlimited, submissions AND number of URLs, which makes them the best companion for SEO agencies.
We therefore offer you 24 hours of testing when you wish to prove that we are the best: http://lamp-dev.ru/redirect.php?to=http://www.miniurlz.com/LP-IN2
See you soon
Perspective on your own quickly
Comments are closed.