Week 22 - XSS Through SVG File
It’s week 22 of the Web Hacking Series!
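And I’ve got a tip for when you come across a file upload that only accepts images. If the application allows SVG image types, you may have just found yourself a stored XSS vulnerability! SVG is an XML format that can carry script, and the browser runs that script when the uploaded file is opened directly from the application's origin.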
Using the code in the image below, you can execute JavaScript in the victim application. Just copy it into a file named ‘test.svg’ and upload it! Short, simple, and sweet.