Cross-Site Scripting (XSS) via image rendering application

Mr Empy
2 min read · Mar 31, 2022

Hello Hackers, I'm MrEmpy, I'm 17 years old, and welcome. Today I'm going to teach you how to test an image rendering application and discover an XSS in it.

Let's get started. You need the URL of an application that allows image rendering. The GET parameter called url indicates the path of the image to be rendered.

As you can see, the url parameter has no value, so let’s add an image address.

I added my profile photo URL from GitHub. How am I going to inject an XSS through image rendering? There is a file format with the SVG extension (Scalable Vector Graphics). Maybe some of you already know it: it uses XML to create graphics and drawings, like the charts we see in reports on websites. We can use it to carry JavaScript code and have the application execute it when it renders the file.

I have a payload and I will share it with you:

<svg width="100%" height="100%" viewBox="0 0 100 100"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<circle cx="50" cy="50" r="45" fill="green" id="foo" o="foo"/>
<script>alert("XSS Test");</script>
<script>alert(document.cookie);</script>
</svg>

The third line creates a green circle with the size 50x50, and then the JavaScript code is executed. Let's copy it, create an SVG file, paste the contents into the file and close it. I opened the terminal in the directory where the file was, opened port 80 HTTP and set up port forwarding using Ngrok, then copied the URL with the path of the image and pasted it as the value of the url parameter of that application.

We did it!!! The JavaScript code was rendered and we got the alert. Now when you see an application that renders an image, you will always test this method lol.
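On the defensive side, here is an added example (not from the original article) of how a rendering endpoint can refuse this payload: it serves only bytes that start with a known raster signature and derives the Content-Type from those bytes instead of from the remote host. The function names, the 415 status and the header set are assumptions for illustration, and the sample inputs are constructed.

```python
# Added example: raster-only allow-list for an image-rendering endpoint.
# Function names, the 415 status and the header set are illustrative assumptions.

RASTER_SIGNATURES = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)

def sniff_raster_type(body: bytes):
    """Return a MIME type only if the bytes start with a known raster signature."""
    for magic, mime in RASTER_SIGNATURES:
        if body.startswith(magic):
            return mime
    if body[:4] == b"RIFF" and body[8:12] == b"WEBP":
        return "image/webp"
    return None  # SVG, HTML and other markup never match

def build_response(upstream_content_type: str, body: bytes):
    """Return (status, headers, body) for bytes fetched from the url parameter."""
    mime = sniff_raster_type(body)
    if mime is None:
        # The upstream header is attacker-controlled, so it is deliberately ignored.
        return 415, {"Content-Type": "text/plain; charset=utf-8"}, b"unsupported image type"
    headers = {
        "Content-Type": mime,                      # taken from the bytes themselves
        "X-Content-Type-Options": "nosniff",       # stop the browser from re-guessing
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    return 200, headers, body

# Constructed sample inputs: an SVG shaped like the article's payload, and a PNG header.
SVG_SAMPLE = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">'
              b'<circle cx="50" cy="50" r="45" fill="green"/>'
              b'<script>alert("XSS Test");</script></svg>')
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    # The SVG is refused even when the remote host labels it image/png.
    print(build_response("image/png", SVG_SAMPLE)[0])
    print(build_response("image/png", PNG_SAMPLE)[1]["Content-Type"])
```

A signature check only gates the format; decoding and re-encoding the image with an image library is a stronger follow-up.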

So that's it. It was a simple article teaching how to exploit this vulnerability. I hope you enjoyed it ;)
