Re: A picture that steals your data — A tale to IP Theft.
Hey Guys,
A day ago my friend Pratik Dabhi shares his write up about “How he can steal data using a picture”.
His writeup Link here. He mentions on his write up that
This vulnerability can be found in the places where you have an option to upload photos using tags or URLs for example forums, discussion pages. or you can simply use <img src=”malicious-link”>.
So, I thought to make it more impactful because sometimes Bug Bounty program is marked out of scope discussion page, forums, etc.
One thing that pops up in my mind that I can create an SVG image that can load an external image into an SVG image using <image>.
So, Yeah then I sit with my lappy and created an SVG image. From the bellow link, you can find the code.
You know how to use it, Use your smart brain and have fun 🙌
Thanks for reading.
Find me on Twitter 👾
