Stored XSS Via File Upload [SVG File Content]

Hi Friends!

This is my 36th blog on web application security penetration testing. In this blog I will explain Stored XSS via SVG file upload.

In my last blog I explained Remote Code Execution by uploading an ASP.NET web shell. Hope everyone liked it. If you haven’t read it yet, please follow along.

Let me recap some notes from the previous (35th) blog in this series:

  1. We hosted an ASP.NET website on a local IIS server.
  2. The back end runs MS SQL Server.
  3. We created a file upload control that uploads a file and stores it in the local IIS server directory named ~/uploads.

Let’s not waste any more time and jump straight to the step-by-step PoC:

  1. Navigate to the file upload control as shown below:

  2. Create an SVG file with the .svg extension containing the code below, and name it test.svg.

  3. Browse to the newly created test.svg file and click the Upload File button to upload it to the web server.

  4. Now navigate to the ~/Uploads folder under the web root to check whether the file was uploaded successfully. Notice that our .svg file was uploaded to the web server.

  5. Now browse back to the file to see its web view. When you do, our XSS payload executes successfully.

This is how a malicious SVG file can execute XSS if the web server allows it to be uploaded and then serves it back inline.
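As an added defensive counterpart to the PoC above (my own example in Python, not the ASP.NET application from the post; the same checks would sit in the upload handler in C#), this script inspects an uploaded SVG for the constructs that let it run script when rendered inline, rejects such files, and returns the response headers that stop even a clean SVG from executing script when served back. The sample SVGs are constructed for the demonstration and contain no working payload.

```python
import xml.etree.ElementTree as ET

# Elements and attributes that let an SVG run script when a browser renders it
# as a document, which is the stored XSS case described above.
ACTIVE_TAGS = {"script", "foreignobject"}

def local_name(qualified: str) -> str:
    """Strip an ElementTree '{namespace}' prefix and normalise case."""
    return qualified.rsplit("}", 1)[-1].lower()

def svg_active_content(data: bytes) -> list[str]:
    """Return reasons this SVG could execute script; an empty list means clean."""
    try:
        # NOTE: for untrusted input in production, parse with defusedxml rather than
        # the stdlib parser so entity-expansion tricks are rejected as well.
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local_name(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in href on <{tag}>")
    return findings

def decide_upload(filename: str, data: bytes) -> dict:
    """Reject SVGs with active content; serve the rest so they cannot run script."""
    if not filename.lower().endswith(".svg"):
        return {"decision": "accept", "findings": [], "headers": {}}  # other types out of scope
    findings = svg_active_content(data)
    if findings:
        return {"decision": "reject", "findings": findings, "headers": {}}
    # Defence in depth even for clean files: force download, forbid MIME sniffing,
    # and attach a CSP that blocks script should a check ever be bypassed.
    headers = {"Content-Type": "image/svg+xml",
               "Content-Disposition": "attachment",
               "X-Content-Type-Options": "nosniff",
               "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'"}
    return {"decision": "accept", "findings": [], "headers": headers}

# Constructed samples (not the post's payload): one with active content, one plain drawing.
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="/* constructed */">'
              b'<script>/* constructed */</script><a href="javascript:void(0)"/></svg>')
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<rect width="10" height="10" fill="blue"/></svg>')

if __name__ == "__main__":
    for name, blob in (("test.svg", ACTIVE_SVG), ("logo.svg", CLEAN_SVG)):
        print(name, decide_upload(name, blob))
```

Serving uploads from a separate origin is the stronger fix; the headers above limit the damage when that is not an option.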

Hope everyone likes this simple step-by-step PoC. Please like, follow and comment for more reads!
