LAB 16 - Reflected XSS with some SVG markup allowed¶

Initial instructions¶

This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events.¶

To solve the lab, perform a cross-site scripting attack that calls the alert() function.¶

For this lab I will start by entering a normal XSS payload.

alt text

But if I send it will block de tag.

alt text

So I intercepted the request with Burpsuite. And I send it to the intruder.

Now I will run a custom XSS list containing a list of tags.

alt text

Then as long we know svg and animateTransform gave status code 200 so lets use them and build this request, now I will paste all events and test them to see if one is valid.

alt text

And we got that the event onbegin worked

alt text

So I built the final request.

<svg><animateTransform onbegin='alert(1)'>

If we enter that payload into the search bar it will trigger the XSS.

LAB 16 - Reflected XSS with some SVG markup allowed¶

Initial instructions¶

This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events.¶

To solve the lab, perform a cross-site scripting attack that calls the alert() function.¶

Congratulations, you solved the lab!¶