You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I was uploading image attachments from my computer,I've realized
that I can upload SVG files and then I've tried to look SVG file that
I attached,and I understood you execute SVG files which is can be
malicious redirecting to a website or executing javascript codes for
members.
Steps to reproduce
Hi,
When I was uploading image attachments from my computer,I've realized
that I can upload SVG files and then I've tried to look SVG file that
I attached,and I understood you execute SVG files which is can be
malicious redirecting to a website or executing javascript codes for
members.
Steps to reproduce
PoC:
1-Go to https://cloudboost.io/files/qubdywxivwed
2-From attachments click on "Upload File"
3-Upload svg files that I gave you (redirect.svg)
4-Now, right click on attached svg and open in new tab (see example in poc.png)
7-You'll be redirected to example.com.
How To Fox:
You should stop executing svg files and display its's code like
HTML,as you know SVG files can be used like HTML codes which is
dangerous.
--
Thank You
Ashish Dhaduk
redirect.svg
The text was updated successfully, but these errors were encountered: