Skip to content
/ jpeg_polyglot_xss Public

Exploiting XSS with Javascript/JPEG Polyglot (by @medusa_0xf)

19 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

simplylu/jpeg_polyglot_xss

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
exploit.py
exploit.py
 
 
payload
payload
 
 
test.html
test.html
 
 
test.jpeg
test.jpeg
 
 

Repository files navigation

XSS Injection in JPEG

All contribution goes to @medusa_0xf. This script implements what medusa presented here

Installation

git clone https://github.com/js-on/jpeg_polyglot_xss.git
cd jpeg_polyglot_xss/

Usage

  • Read payload from stdin: python3 exploit.py -i test.jpeg -o injected.jpeg -pr '*/=alert("XSS")/*'
  • Read payload from file: python3 exploit.py -i test.jpeg -o injected.jpeg -pf payload

Help

usage: exploit.py [-h] [-pf PAYLOAD_FILE] [-pr PAYLOAD_READ] -i INPUT -o OUTPUT

options:
  -h, --help            show this help message and exit
  -pf PAYLOAD_FILE, --payload-file PAYLOAD_FILE
                        Path to text file with payload
  -pr PAYLOAD_READ, --payload-read PAYLOAD_READ
                        Payload
  -i INPUT, --input INPUT
                        Input file (JPEG)
  -o OUTPUT, --output OUTPUT
                        Output file (JPEG)

About

Exploiting XSS with Javascript/JPEG Polyglot (by @medusa_0xf)

Resources

Readme
Activity

Stars

19 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages