XSS in SVG embedded Base64
LinkBlech!
But then again, the more I thought about it, the more I decided that it's probably not that great of a vector. First thought was that because the script is embedded in Base64, output filtering isn't any good there.
But the more I think about it, the more I think it's an unlikely (although really creative) attack vector. Unlikely, because if output filtering is being done, you'd have to already be inside a src attribute of an embed element.
Very nice find, however.
0 comments:
Post a Comment