imagejs is a small tool to hide javascript inside a valid image file. The image file is not viewable by as a picture, but it is recognized as one by content checking software, e.g. the file command you might now from Linux or other Unix based operation systems
A file created by this tool is able to extend XSS vulnerabilities. For example, if you are able to put a script tag on a website but cant run the script because it only runs scripts from this website, you can just upload e.g. a profile picture containing the code you want to run. The idea came from Ajin Abraham who tested this on gif files. Of course there are more file types that allow to do this
O jasny #!$%@?... PIS pomagał przemycać do Europy oligarchów z Rosji i ich bananowe dzieci a co więcej nadawał im obywatelstwo... Brawo, brawo, powinszować! #sejm #ukraina #rosja #wojna #wtf #bekazpisu #polityka
imagejs is a small tool to hide javascript inside a valid image file. The image file is not viewable by as a picture, but it is recognized as one by content checking software, e.g. the file command you might now from Linux or other Unix based operation systems
A file created by this tool is able to extend XSS vulnerabilities. For example, if you are able to put a script tag on a website but cant run the script because it only runs scripts from this website, you can just upload e.g. a profile picture containing the code you want to run. The idea came from Ajin Abraham who tested this on gif files. Of course there are more file types that allow to do this
http://jklmnn.de/imagejs/
#webdev #security #javascript
#msqspam
cat script.JS>>image.jpg
?