Closed digilevi2006 closed 1 year ago
Hi @chinarulezzz
Thank you for this code. But is it possible to execute the payload just by clicking the photo? Without adding .html on the end if possible...
Not sure if I understood this use case, but is it automatic that the server will just eliminate the image data and use script?
https://devcondetect.com/blog/2019/2/24/hacking-group-using-polyglot-images-to-hide-malvertsing-attacks
<img src="polyglot.jpg"/> will show the user an image and ignore the JavaScript <script src="polyglot.jpg"></script> will execute valid JavaScript and ignore the image data.
And can I insert both lines into the html source?
Thanks.
irrelevant to the pixload, sorry.
Hi @chinarulezzz
Thank you for this code. But is it possible to execute the payload just by clicking the photo? Without adding .html on the end if possible...
Not sure if I understood this use case, but is it automatic that the server will just eliminate the image data and use script?
https://devcondetect.com/blog/2019/2/24/hacking-group-using-polyglot-images-to-hide-malvertsing-attacks
And can I insert both lines into the html source?
Thanks.