A day ago, my friend Pratik Dabhi shared his write-up about “How he can steal data using a picture”.
His write-up is linked here. He mentions in his write-up that:
This vulnerability can be found in the places where you have an option to upload photos using tags or URLs, for example forums, discussion pages, or you can simply use <img src="malicious-link">.
So, I thought I would make it more impactful, because bug bounty programs sometimes mark discussion pages, forums, etc. as out of scope.
One thing that popped into my mind was that I can create an SVG image that loads an external image into the SVG using <image>.
So, yeah, then I sat down with my laptop and created an SVG image. You can find the code at the link below.
GitHub repository: rudSarkar/Payloads (“Just Random fun.”)
You know how to use it. Use your smart brain and have fun 🙌
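For the receiving side of an upload form, here is an added example (not code from this post or the linked repository) of a check that lists every off-site reference in an uploaded SVG, including the `<image>` case described above, so the file can be rejected or rewritten before it is served. The function names and the sample SVG are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Off-site means: has a URL scheme or is protocol-relative ("//host/...").
# Same-document fragments ("#id") and data: URIs stay inside the file.
EXTERNAL = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.I)

# Constructed sample upload; the hosts are placeholders under .invalid.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100">
  <image xlink:href="https://collector.example.invalid/pixel.png" width="1" height="1"/>
  <image href="//cdn.example.invalid/a.png" width="10" height="10"/>
  <use href="#local"/>
  <rect style="fill:url(https://example.invalid/p.svg#g)" width="5" height="5"/>
  <image href="data:image/png;base64,AAAA" width="1" height="1"/>
</svg>"""

def is_external(ref):
    ref = ref.strip()
    if ref.startswith("#") or ref.lower().startswith("data:"):
        return False
    return bool(EXTERNAL.match(ref))

def external_refs(svg_text):
    """Return (tag, url) pairs for every reference that points off-site."""
    # Refuse DTDs outright so entity tricks never reach the XML parser.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.I):
        raise ValueError("DTD/entity declarations are not accepted in uploads")
    found = []
    for el in ET.fromstring(svg_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        for attr in ("href", XLINK_HREF):
            ref = el.get(attr)
            if ref and is_external(ref):
                found.append((tag, ref.strip()))
        # CSS url(...) inside style attributes and <style> element bodies
        css = (el.get("style") or "") + ((el.text or "") if tag == "style" else "")
        for ref in CSS_URL.findall(css):
            if is_external(ref):
                found.append((tag, ref.strip()))
    return found

if __name__ == "__main__":
    for hit in external_refs(SAMPLE):
        print(hit)
```

An upload handler can reject the file when the returned list is non-empty, and serving user-supplied SVGs with a restrictive Content-Security-Policy header adds a second layer.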
Thanks for reading. If it helped you, support using BTC: 3N3tmzf3YoS5hTGJoXqSe413aTQMWfXGz5