all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting XSS using Polyglot JPEG+Javascript to bypass CSP

Add to bookmarks
Nov. 14, 2023, 10:14 a.m. | Emin Skrijelj

System Weakness - Medium systemweakness.com

Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP

Introduction

This vulnerability allows an attacker to use a JPEG polyglot with JavaScript to hide the malicious JavaScript payload in the image successfully without corrupting the image to bypass the site's CSP. For this exploit you will need two parameters, one to call the malicious image and the other one to upload it.

Polyglot

Polyglot refers to a file or data that is designed to be interpreted or processed as multiple …

attacker bypass call csp exploit exploiting hide image information security javascript jpeg malicious payload pentesting polyglot vulnerability xss

Visit resource

More from systemweakness.com / System Weakness - Medium

First AD home lab 10 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 10 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 1 day, 8 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 1 day, 8 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 1 day, 8 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 1 day, 8 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22
Safeguarding the Virtual Frontier 1 day, 8 hours ago | systemweakness.com
awareness click collaboration critical +24
The Ultimate Guide to CISSP’s Eight Security Territories 1 day, 8 hours ago | systemweakness.com
bug bounty cybersecurity information security information technology +1
Keep your API keys safe (OpenAI, Together AI, etc.) 1 day, 8 hours ago | systemweakness.com
cybersecurity data science encryption generative-ai-tools +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs