mm0@home:~$

[xss] lab reflected xss with some svg markup allow 5bba34f8da88471eb958248fd2e9b0ff

[XSS] Lab: Reflected XSS with some SVG markup allowed


Untitled

so since it allows SVG tags I just tried with the basic payload:

Untitled

lets use intruder to get all the tags that worked.

Untitled

we can use the window screen shot tool to extract the tags that passed then pass them again in a pitch fork attack. only thing we will need to use burp suite to remove the ‘<’ and ‘>’ symbols.

Untitled

so as we lets intruder run lets continue googling trying to see what we can learn about svg.

so I just had a set of events pass:

so one of the issue I had with this lab was one of my tag called animatetransform I had that tag with a capital ‘T’

after fix that issue we can see we can call a and inside of the SVG to cause a type of animation event to occur for us to be able to use the onbegin event handler so in the end our payload looked like this:

<svg> <animatetransform onbegin="alert(1)">

Untitled