Course

In this course, you will delve into the potential vulnerabilities associated with uploading SVG files, focusing specifically on how they can be manipulated to execute Cross-Site Scripting (XSS) attacks. SVG images, being XML-based, allow the inclusion of JavaScript, which can be exploited by attackers. The course walks you through the process of carefully examining upload functionalities, file extensions, and content-types to successfully upload a malicious SVG file and get it served correctly to trigger XSS.

The hands-on lab will guide you through real-world scenarios where you will upload both benign and malicious files, observe the server's response, and ultimately execute JavaScript to achieve XSS. The course emphasizes the importance of understanding content-types and how browsers render these types to execute the attack effectively. By the end of this lab, you'll have a comprehensive understanding of how to exploit SVG file uploads to perform XSS attacks, and how to use these skills ethically in penetration testing.