This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.
Stored XSS in SVG files.
Published in
3 min readAug 25, 2022
Summary
Cross-site Scripting (XSS) is a security headache for all web application developers. In this type of vulnerability, attackers will somehow inject malicious JavaScript code, or “scripts,” into a benign web app. If the attacker can successfully embed the script…