SVG XSS in File Uploads | Bug Bounties

Abusing file uploads to execute SVG files that lead to Cross-Site Scripting (XSS) attacks.

I demonstrate simple bypasses, mitigations & discovery.

 https://owasp.org/www-project-cheat-sheets/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html 

 https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection 

Cheers,

Happy hacking
