pay_to_convert

EasyWeb Security

Overview

Scenario
A web-based SVG-to-PNG conversion service is under development and places a payment gate in front of image processing. The application trusts a client-supplied subscription parameter during registration, and it converts uploaded files with an SVG rendering library that follows references to local files.

Because the subscription tier is taken from a frontend-controlled value instead of being set by the server, the payment restriction can be bypassed; because the SVG rendering library resolves external and local references, a crafted SVG uploaded for conversion can read files from the server's filesystem.

The service also hints that sensitive files are accessible on the server, including /flag.txt.
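The two weaknesses described above, as an added example that is not the challenge's own code: a registration handler that copies the client's subscription field into the account beside one that assigns the tier server-side, and a pre-screen that refuses SVGs carrying a DTD, a stylesheet instruction, or any href or CSS url() that is not a same-document fragment or inline raster data. The page does not name the rendering library or the exact payload, so the function names, the "free"/"paid" tiers, the mark_paid callback, and the sample SVGs below are all constructed for illustration; the XXE- and href-shaped samples are the generic shapes such a filter has to catch, not the challenge's solution. Pre-screening is a mitigation in front of the converter, not a substitute for fixing the library.

```python
import re
import xml.etree.ElementTree as ET

# ---------------------------------------------------------------------------
# 1. Payment gate: the subscription tier must be set by the server, never the form.
#    (hypothetical handlers; not the challenge's code)
# ---------------------------------------------------------------------------

def register_vulnerable(form):
    """Broken access control: the tier is whatever the client posted."""
    return {"username": form["username"],
            "subscription": form.get("subscription", "free")}

def register_hardened(form):
    """Every new account starts on the free tier, whatever was posted."""
    return {"username": form["username"], "subscription": "free"}

def mark_paid(user, payment_verified):
    """Only a server-side payment confirmation (hypothetical callback) upgrades a user."""
    if payment_verified:
        user["subscription"] = "paid"
    return user

def may_convert(user):
    """The check the conversion endpoint must apply on every request."""
    return user.get("subscription") == "paid"

# ---------------------------------------------------------------------------
# 2. SVG pre-screen: refuse anything that could make the renderer open a local file.
# ---------------------------------------------------------------------------

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
BLOCKED_ELEMENTS = {"script", "foreignObject"}
# Only same-document fragments and inline raster data are acceptable references.
SAFE_HREF = re.compile(r"^(#|data:image/(png|jpeg);base64,)")
# CSS url() can also fetch resources; capture its target so url(#fragment) can pass.
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]*)", re.I)

def svg_is_safe(svg_bytes):
    """Return (ok, reason); ok is True only when no external or local reference is present."""
    text = svg_bytes.decode("utf-8", errors="replace")
    # A DTD is the carrier for XXE (SYSTEM "file:///..."), so reject it outright.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return False, "DTD or entity declaration present"
    # A stylesheet processing instruction is another way to pull in external content.
    if "<?xml-stylesheet" in text:
        return False, "xml-stylesheet processing instruction present"
    for target in CSS_URL.findall(text):
        if not target.startswith("#"):
            return False, "external url() reference in CSS: %s" % target
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return False, "not well-formed XML: %s" % exc
    if root.tag.split("}")[-1] != "svg":
        return False, "root element is not <svg>"
    for elem in root.iter():
        local = elem.tag.split("}")[-1]
        if local in BLOCKED_ELEMENTS:
            return False, "blocked element <%s>" % local
        for attr in ("href", XLINK_HREF):
            value = elem.get(attr)
            if value is not None and not SAFE_HREF.match(value.strip()):
                return False, "external reference on <%s>: %s" % (local, value)
    return True, "ok"

# Constructed sample inputs: one benign drawing and two generic unsafe shapes.
SAMPLES = {
    "benign": b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="url(#g)"/></svg>',
    "xxe": b'<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY x SYSTEM "file:///flag.txt">]>'
           b'<svg xmlns="http://www.w3.org/2000/svg"><text>&x;</text></svg>',
    "file_href": b'<svg xmlns="http://www.w3.org/2000/svg" '
                 b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                 b'<image xlink:href="file:///flag.txt"/></svg>',
}

if __name__ == "__main__":
    attacker = {"username": "mallory", "subscription": "paid"}
    print("vulnerable gate lets client pick tier:", may_convert(register_vulnerable(attacker)))
    print("hardened gate ignores posted tier:   ", may_convert(register_hardened(attacker)))
    for name, svg in SAMPLES.items():
        print(name, svg_is_safe(svg))
```

Registration and conversion are separate requests, so the tier check has to run in the conversion handler against server-side state, not against anything carried in the upload request.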

Objective
Analyze the application flow, bypass payment restrictions, identify the vulnerable SVG processing component, and exploit local file access to retrieve the flag from /flag.txt.

Infrastructure: Web Application (SVG Processing Service)

Provided Files: None (black-box testing)

Flag Format: Flag{}

Job Positions

Penetration Tester

Tags

LFI, Input Validation, Unrestricted File Upload, OWASP Top 10, Broken Access Control