The purpose of this article is to provide a repeatable means of performing cross-site scripting attacks via an SVG file.
SVG, otherwise known as “scalable vector graphics”, is an XML document used to build an image.
The above code generates the following image:
Take for example the following code:
With all of this in mind, seriously consider limiting or blocking SVGs from being uploaded. More often than not, developers have overlooked SVG as a potential threat vector and allow profile picture upload of malicious SVG files.
Additionally, if you are familiar with XXE attacks, this can also be used for that attack vector in some circumstances. If you aren’t already scanning uploads regardless of their extension or MIME type, it might be time to change that.
Long story short, if you can pop XSS within an SVG you can do pretty much anything up to and including store malicious JS, malicious XML or malicious HTML in-line.
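As an added example (not code from the original article), here is one way to scan uploads by content rather than by extension or MIME type. It flags the inline script, HTML and XML-entity vectors discussed in this article; the tag list, the function names and the sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed strict policy for user uploads; the tag list is illustrative.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
SVG_HINT = re.compile(rb"<([\w.-]+:)?svg[\s/>]|http://www\.w3\.org/2000/svg", re.I)
DTD_HINT = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.I)

def local(name):
    """Drop any '{namespace}' prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def is_script_url(value):
    """Browsers ignore whitespace and control characters in the scheme."""
    return re.sub(r"[\x00-\x20]", "", value).lower().startswith("javascript:")

def scan_upload(data: bytes) -> list:
    """Return findings for an upload; [] means not SVG or nothing flagged."""
    flat = data.replace(b"\x00", b"")  # lets the byte patterns see UTF-16 text
    if not SVG_HINT.search(flat):
        return []  # decided from content, never from extension or MIME type
    if DTD_HINT.search(flat):
        return ["DTD or entity declaration"]  # refuse before any XML parsing
    try:
        root = ET.fromstring(data)  # character references are decoded here
    except ET.ParseError:
        return ["malformed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):
                findings.append(f"event handler attribute {attr}")
            elif attr in ("href", "src") and is_script_url(value):
                findings.append(f"script URL in {attr}")
    return findings

# Constructed samples: file names are what an uploader might claim.
SAMPLES = {
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
    "avatar.png": b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
    "photo.jpg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_upload(body) or "clean")
```

A flagged file should be rejected or converted to a raster format on the server rather than stored and served as uploaded.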