A year ago I participated on this private program on Bugcrowd and found some good quality vulnerabilities which earns me a good amount of bounty and one of my favorite vulnerability was this Application Level DoS (Denial of Service) using a malicious SVG file. This is my first time reporting this kind of issue that time though I reported some SVG file related vulnerabilities but this one is new to me since it was a Denial of Service using the SVG and it makes me feel more excited about it before.
So after my first report was rewarded by them which is a Stored XSS using SVG file, I continued digging down on the same area and luckily found this issue. What really makes this as one of my favorite vulnerability that I found is because I learned something new from the Triaged person who handle this report. I learned something new from him because of this report.
So long story short, here's the report timeline and proof of concept.
--Proof of Concept--
1. Go to https://<REDATED> then login
2. Go to https://<REDATED>/<username>/primary-brand
3. Click the Edit button or turn ON the Edit button in the upper left conrner of the page
4. In the Images section upload the attach SVG file.
5. Open the upload SVG file and see the result.
I have attached a GIF file for the whole demonstration of the bug, I hope you understand.
Live Demo of my test: https://user-images.<REDATED>/<userid>/primary-brand/<filename>.svg
Tested in Firefox which results into browser crash and Google Chrome which also results into browser crash.
Report Title: DoS using SVG file in https://<REDACTED>
Reported: 17, February 2018 16:52:37 UTC
Update (Triaged Staff): 21 Feb 2018 17:24:32 UTC
My Update Response:
Closed: 06 Jul 2018 20:28:52 UTC (Won't fix)
Reward: $300 + 10 Kudos points
So I hope you enjoy this write up and have a great day everyone!
"Opportunities don't happen. You create them."
― Chris Grosser