You are currently viewing Reflected XSS with some SVG markup allowed

Reflected XSS with some SVG markup allowed

Introduction to Reflected XSS with some SVG markup allowed

In Reflected XSS with some SVG markup allowed, Reflected Cross-Site Scripting (XSS) is a web security vulnerability where untrusted user input is not properly sanitized or encoded, resulting in potential attacks. SVG markup allows for additional vectors for potential attacks. To mitigate this vulnerability, web developers should implement strict input validation and output encoding practices, ensuring thorough data checks and sanitization. Regular security assessments, adherence to best practices, and staying informed about emerging threats are crucial for effectively addressing reflected XSS vulnerabilities. Prioritizing web security, implementing secure coding practices, conducting regular audits, and staying updated on potential risks can significantly reduce the risk of reflected XSS vulnerabilities, ensuring web application safety and integrity.

Lab Solutions | Practical Work Time Reflected XSS with some SVG

This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events.

To solve the lab, perform a cross-site scripting attack that calls the alert() function Reflected XSS with some SVG.

Stepwise Solution of the lab:-

After accessing this lab, we first noticed it has “Search” functionality.

For test purposes and how will it react, we are going to inject a payload such as:

<img src=1 onerror=alert(1)>

Now click on “Search” and see what will happen.

See the “Tag is not allowed”. Now we’ve to find the allowed tags. So for that we will move to Burp Suite Intruder.

Go to “HTTP history” and press on “CTRL+I”. [“CTRL+I” shortcut way to send to intruder]

What I did here is just removed the payload we injected before and added ‘<>’. After that, I positioned my cursor in the middle of ‘<>’ and doubled clicked on “Add $” this button.

Go to XSS cheat sheet and click on “Copy tags to clipboard”.

After copying those tags from XSS cheat sheet, we had to paste them on “Payload settings”. Now click on “Start attack”.

XSS cheat sheet

We found allowed tags such as “animatetransform” and “svg”. Now we will be using it as the below payload but the work is not done yet.

<svg><animatetransform%20

Again go to XSS cheat sheet and copy all events.

Paste them on “Payload settings” and click on “Start attack”

We will check which event is allowed via filtering only HTTP 200 status.

“onbegin” is allowed. So the payload will go such as:-

"><svg><animatetransform onbegin=alert(1)>

Now press enter and see what will happen because of injecting this payload.

BOOM! Got the prompt or you can Reflected XSS (Cross-site scripting). And We’ve successfully solved this lab.

I hope you had loved reading this article after you had completed this article we highly recommend you to study the next article: Reflected XSS in canonical link tag, please don’t forget to leave a comment over here and share it with your friends as well, Good Luck!

Thank you for reading, if this article really helps you then do share it with your mates.
And follow @masaudsec on Twitter.

Leave a Reply