SVG based Stored XSS

Goal before approaching the program

Approach

Bypassing Filter

  • The application sent an API POST request containing only the image header. If the header was valid, a second POST request uploaded the actual file. There was no validation on this second POST request.
  • So we can send a valid PNG in the first request and, in the second request, replace the PNG contents with the SVG payload.
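
The gap described above closes when the body of the second request is checked against the type approved in the first. The following sketch is an added example, not code from the original post or from the affected program; the function names, the allowed-type list and the sample bytes are assumptions made for illustration.

```python
import re

# Magic bytes for the raster types this hypothetical endpoint accepts.
SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}
# Markup a browser could render as an active document (SVG, XML, HTML).
MARKUP = re.compile(rb"<\s*(svg|script|html|\?xml|!doctype)", re.IGNORECASE)

# Constructed sample inputs: a PNG signature with padding, and a benign SVG.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'


def sniff_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, magic in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def validate_upload(approved_type: str, body: bytes):
    """Validate the file body (second request) against the type approved
    when the header was checked (first request). Returns (ok, reason)."""
    if approved_type not in SIGNATURES:
        return False, "type not allowed"
    if sniff_type(body) != approved_type:
        if MARKUP.search(body[:4096]):
            return False, "markup (SVG/XML/HTML) in body"
        return False, "body does not match approved type"
    return True, "ok"


def response_headers(approved_type: str):
    """Headers for serving the stored file so it is never re-interpreted."""
    return {
        "Content-Type": approved_type,  # the server-side type, not the client's
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    print(validate_upload("image/png", SAMPLE_PNG))
    print(validate_upload("image/png", SAMPLE_SVG))
```

A signature check only inspects the leading bytes; decoding and re-encoding the image on the server is a stronger control.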

Prashant Bhatkal

building and breaking software
