Re: A picture that steals your data — A tale to IP Theft.

Hey Guys,

A day ago my friend Pratik Dabhi shared his write-up about “How he can steal data using a picture”.

His write-up link is here. He mentions in his write-up that:

This vulnerability can be found in the places where you have an option to upload photos using tags or URLs, for example forums and discussion pages, or you can simply use <img src="malicious-link">.

So I thought I'd make it more impactful, because sometimes bug bounty programs mark discussion pages, forums, etc. as out of scope.

One thing that popped into my mind was that I could create an SVG image that loads an external image into the SVG using <image>.

So, yeah, then I sat down with my lappy and created an SVG image. You can find the code at the link below.

You know how to use it. Use your smart brain and have fun 🙌
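For anyone reviewing an upload feature against the SVG <image> behaviour described above, here is one way to flag uploaded SVGs that reference another host. This is an added example, not code from the original post or the linked write-ups; the function names and the collector.example host are assumptions, and the sample SVG is constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def is_external(ref):
    """True if ref is anything other than a fragment, data: URI or relative path."""
    ref = ref.strip()
    if ref.startswith("#") or ref.lower().startswith("data:"):
        return False  # same-document fragment or inline data, no request
    parsed = urlparse(ref)
    # Any explicit scheme or host (https://host/..., //host/...) counts as off-site.
    return bool(parsed.scheme or parsed.netloc)

def external_refs(svg_bytes):
    """Return (element, url) pairs for every off-site reference in an SVG upload."""
    # Refuse DTDs outright so entity declarations never reach the XML parser.
    if re.search(rb"<!(DOCTYPE|ENTITY)", svg_bytes, re.I):
        raise ValueError("DTD/entity declarations are not accepted in uploads")
    found = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the namespace part
        refs = [el.get("href"), el.get(XLINK_HREF)]
        for value in el.attrib.values():  # fill=, style=, filter=, mask= ...
            refs += CSS_URL.findall(value)
        if tag == "style":  # url(...) only; bare @import strings are not covered
            refs += CSS_URL.findall(el.text or "")
        found += [(tag, r) for r in refs if r and is_external(r)]
    return found

# Constructed sample upload; collector.example is a placeholder host.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100">
  <image xlink:href="https://collector.example/a.png" width="1" height="1"/>
  <image href="//collector.example/b.png" width="1" height="1"/>
  <image href="data:image/png;base64,AAAA" width="10" height="10"/>
  <rect width="10" height="10" fill="url(#grad)"/>
</svg>"""

if __name__ == "__main__":
    for tag, url in external_refs(SAMPLE):
        print(f"reject upload: <{tag}> references {url}")
```

Browsers do not fetch external resources for an SVG rendered through <img>; the request happens when the file is opened directly or inlined into a page. Serving uploads with Content-Disposition: attachment or a restrictive Content-Security-Policy therefore complements this check.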

Thanks for reading. If it helped you, support using BTC: 3N3tmzf3YoS5hTGJoXqSe413aTQMWfXGz5

Find me on Twitter 👾


Synack Red Team Member, Bug Bounty Hunter

Rudra Sarkar
