Hi, hope you guys are doing great! Here is a story about me finding a stored XSS using SVG files.

Goal before approaching the program

To find a one-click exploit (XSS or SSRF)

Approach

I found a target that has many features, including Discussion, Discovery, Mixtapes, Shorts, Activity and whatnot. I went ahead and looked at the user dashboard.

Bypassing Filter

The only valid files that could be uploaded were JPEG or PNG files.

  • Here we can just send a valid PNG, and in the second request we can replace the PNG contents with the SVG payload.
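
The server-side check that closes this gap, as an added example that is not code from the original post or from the target: every request that writes file content is validated against the bytes themselves, and the served type comes from those bytes. It assumes the bypass worked because only the first request's content was checked; `UploadStore`, `validate_upload` and the sample bytes are hypothetical names and constructed data.

```python
from typing import Optional

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"

# Constructed samples: a PNG signature plus filler, and an inert SVG document.
SAMPLE_PNG = PNG_MAGIC + b"\x00" * 16
SAMPLE_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"></svg>'


class UploadRejected(ValueError):
    """Raised when the bytes are not an allowed image type."""


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, ignoring client metadata."""
    if data.startswith(PNG_MAGIC):
        return "image/png"
    if data.startswith(JPEG_MAGIC):
        return "image/jpeg"
    return None  # SVG, HTML and everything else falls through


def validate_upload(declared_type: str, data: bytes) -> str:
    """Return the content type to store and serve, or raise UploadRejected."""
    detected = sniff_image_type(data)
    if detected is None:
        raise UploadRejected("content is not PNG or JPEG")
    if declared_type != detected:
        raise UploadRejected("declared type does not match content")
    return detected


class UploadStore:
    """Hypothetical storage layer in which every write path shares one check."""

    def __init__(self) -> None:
        self._files = {}

    def create(self, file_id: str, declared_type: str, data: bytes) -> None:
        self._files[file_id] = (validate_upload(declared_type, data), data)

    def replace_content(self, file_id: str, declared_type: str, data: bytes) -> None:
        if file_id not in self._files:
            raise KeyError(file_id)
        # The follow-up request is validated exactly like the first upload.
        self._files[file_id] = (validate_upload(declared_type, data), data)

    def response_headers(self, file_id: str) -> dict:
        content_type, _ = self._files[file_id]
        # Serve the type derived from the bytes and stop browser sniffing.
        return {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}
```
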
