Cross-Site Scripting to Remote Code Execution on Trello’s App


The article describes how to place an XSS payload and an RCE payload inside an SVG, upload the SVG, and carry out the attack.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg xmlns="http://www.w3.org/2000/svg">
<script>alert(document.location);</script>
</svg>

svg

xmlns defines a namespace.

<svg xmlns="http://www.w3.org/2000/svg">
  <!-- more tags here -->
</svg>

Ref: Namespaces Crash Course - SVG | MDN

xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

Use an XML declaration in HTML5 when you wish to specify a different encoding, especially when the file might be consumed not just by browsers but also by XML processors.

Ref: SVG in HTML5 – when is XML declaration <?xml version="1.0" encoding="UTF-8"?> needed? - Stack Overflow
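An added upload-side check (my own example, not code from the Trello write-up), assuming the server parses uploads with Python's standard-library ElementTree: it rejects SVGs that carry the script vectors discussed above, using the namespace to confirm the root really is an SVG element.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Elements that let an uploaded SVG run script or embed HTML in a viewer's browser.
BLOCKED_ELEMENTS = {"script", "foreignObject"}


def _local_name(qualified: str) -> str:
    """Strip the {namespace} prefix ElementTree prepends to qualified names."""
    return qualified.split("}", 1)[1] if qualified.startswith("{") else qualified


def svg_upload_findings(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG; an empty list means it passed."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append(f"root element is {root.tag!r}, expected svg in {SVG_NS}")
    for elem in root.iter():
        name = _local_name(elem.tag)
        if name in BLOCKED_ELEMENTS:
            findings.append(f"<{name}> element is not allowed")
        for attr, value in elem.attrib.items():
            if _local_name(attr).lower().startswith("on"):
                findings.append(f"event handler attribute {attr!r} on <{name}>")
            if attr in ("href", XLINK_HREF) and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {attr!r} on <{name}>")
    return findings


# Constructed samples: a benign drawing, the <script> shape from the write-up, and
# an event-handler variant that has no <script> tag at all.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
SCRIPT_SVG = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
              b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1);</script></svg>')
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><circle r="4"/></svg>'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("script", SCRIPT_SVG), ("handler", HANDLER_SVG)):
        print(label, svg_upload_findings(sample) or "accepted")
```

ElementTree does not fetch external entities, but for production use a hardened parser such as defusedxml, and serve accepted files with a Content-Disposition: attachment header or from a separate origin so the browser never renders them in the application's context.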
