This module focuses on identifying and exploiting XSS vulnerabilities. Read the instructions and use the skills you have learned in previous modules to solve the task.

In this assignment, we exploit an XSS vulnerability in the file upload function and hijack the administrator's session. The objective of the task is to change the administrator's password!

XSS in file transmission 2

JavaScript code can also be executed in the SVG file format. With the example below, you can execute JavaScript code. Solve the task in the required manner.

*This module focuses on identifying and exploiting XSS vulnerabilities. Read the instructions and use the skills you have learned in previous modules to solve the task.*

@exercise c24bcc14459a

JavaScript code can also be executed in the SVG file format. With the example below, you can execute JavaScript code. Solve the task in the required manner.

```html
<?xml version="1.0" standalone="no"?> 
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//FI" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> 
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> 
  <script type="text/javascript"> alert(1); </script> 
</svg>
```


XSS in file uploads - SVG

Learn how to find and exploit a vulnerability that is one of the most common vulnerabilities, easy to find, and yet very dangerous. Hackerone ranked XSS the #1 bug bounty vulnerability of 2021.

XSS (Cross-Site Scripting) vulnerabilities are both common and serious. For example, HackerOne has listed XSS as the number one vulnerability on their top 10 vulnerabilities list.

Vulnerability management is therefore extremely important, whether you are a penetration tester, a security consultant, a developer, or a bounty hunter!

Fundamentals

What are Cross-Site Scripting Vulnerabilities?

Intro

Stored XSS and stealing session cookies

XSS in file uploads - SVG

Learn to hack — start here