Lab 49 — PixelVault — Stored XSS via Malicious SVG Upload

hackadvisor

Task: File-sharing platform accepting SVG uploads served with image/svg+xml content-type, admin bot visits reported URLs. Solution: Upload malicious SVG with JavaScript that exfiltrates admin cookies via same-origin comments API.

file_upload xss stored_xss cookie_stealing admin_bot svg same_origin

svg_xssadmin_bot_exploitationstored_xss_via_uploadsame_origin_exfiltrationcomments_api_exfiltration

$ ls tags/ techniques/

file_upload xss stored_xss cookie_stealing admin_bot svg same_origin

svg_xssadmin_bot_exploitationstored_xss_via_uploadsame_origin_exfiltrationcomments_api_exfiltration

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 342 — CloudVault — Stored XSS via Malicious SVG Upload— hackadvisor
[web][Pro]Lab 393 — ShareVault — Stored XSS via File Browser innerHTML— hackadvisor
[web][Pro]Lab 39 — PixelVault — RCE via ImageMagick Filename Command Injection— hackadvisor
[web][Pro]Lab 314 — PixVault — ExifTool DjVu RCE via Image Upload— hackadvisor
[web][Pro]Lab 82 — PixelVault — SQL Injection via User-Agent in Activity Logging— hackadvisor