
Exploiting XSS with Javascript/JPEG Polyglot

What is a polyglot?

PNG, JPEG, and DOC are each a valid file type on their own; a polyglot is a single file that combines two different file types. Examples include Phar + JPEG (a PHP archive and a JPEG file), GIFAR (a GIF and a RAR file), and JavaScript + JPEG.

Applications allow only certain file types in features such as file upload and reject others, such as .php or .js files, because these can enable an attacker to upload malicious files to the application. Applications perform extension filtering checks for double extensions (.jpg.php), null bytes in the extension (.php%00.jpg), and file names (.htaccess, .config, etc.), and also check whether the uploaded file's signature matches its content type.

Different applications use different validation methods, and polyglots can be used to bypass some of these checks.
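
The checks listed above, written out as a server-side upload validator (an added example, not code from the original post; `validate_upload`, the allowlist, the blocked lists and the sample bytes are assumptions). Its signature test compares only the leading bytes, which is why a file that is also valid as a second format can still pass it.

```python
import os

# Assumed policy for this example: extension -> (content type, leading signature).
ALLOWED = {
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
}
# Extensions rejected anywhere in the name (assumed list, extend per platform).
BLOCKED_PARTS = {"php", "phar", "js", "html", "htm"}
# File names from the post, plus web.config as an added assumption.
BLOCKED_NAMES = {".htaccess", ".config", "web.config"}


def validate_upload(filename, content_type, data):
    """Return (ok, reason) for an upload; hypothetical helper."""
    # A raw or URL-encoded null byte can truncate the name in lower layers.
    if "\x00" in filename or "%00" in filename:
        return False, "null byte in file name"
    name = os.path.basename(filename.replace("\\", "/")).lower()
    if name in BLOCKED_NAMES or name.startswith("."):
        return False, "reserved file name"
    stem, ext = os.path.splitext(name)
    if ext not in ALLOWED:  # also rejects photo.jpg.php
        return False, "extension not allowed"
    # A blocked extension hidden before the final one, e.g. shell.php.jpg.
    if BLOCKED_PARTS & set(stem.split(".")[1:]):
        return False, "double extension"
    expected_type, magic = ALLOWED[ext]
    if content_type != expected_type:
        return False, "content type does not match extension"
    # Only the leading bytes are compared; nothing after them is inspected.
    if not data.startswith(magic):
        return False, "signature does not match content type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: JPEG leading bytes followed by filler, not a real image.
    sample = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"constructed filler bytes"
    for args in [("avatar.jpg", "image/jpeg", sample),
                 ("shell.php.jpg", "image/jpeg", sample),
                 ("avatar.php%00.jpg", "image/jpeg", sample),
                 (".htaccess", "text/plain", b""),
                 ("avatar.jpg", "image/jpeg", b"plain text")]:
        print(args[0], validate_upload(*args))
```
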


Posted by SH
