all InfoSec news
Exploiting XSS using Polyglot JPEG+Javascript to bypass CSP
System Weakness - Medium systemweakness.com
Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP
Introduction
This vulnerability allows an attacker to use a JPEG polyglot with JavaScript to hide the malicious JavaScript payload in the image successfully without corrupting the image to bypass the site's CSP. For this exploit you will need two parameters, one to call the malicious image and the other one to upload it.
Polyglot
Polyglot refers to a file or data that is designed to be interpreted or processed as multiple …
attacker bypass call csp exploit exploiting hide image information security javascript jpeg malicious payload pentesting polyglot vulnerability xss