Collaborate Disseminate
I am currently doing a bug bounty program and was testing the company’s file upload functionality. After meddling with the functionality for a while, I was able to change the extension of the uploaded file to ‘.svg’ using burpsuite. I have… Continue reading File Upload Vulnerability SVG
A friend of mine has an old family PC with a bunch of important photos on it. Unfortunately, from what he told me, it seems like they have fallen victim to a tech support scam some five years ago, during which the scammer had remote access… Continue reading Checking potentially infected photos for stegonography
I am putting together an email and have been asked to embed the images and to reference their ContentID in the HTML so that the email is self contained (no requests out to download the images from our CDN).
This is a process that I’m not v… Continue reading Security Risks of CID Image Embed?
I received a photo and it’s critically important for me to be sure of its veracity.
The photo was received on my iphone via imessage. I downloaded an EXIF data app and imported the photo, and the app said there was no EXIF data available. … Continue reading Reasons why there would be no EXIF data at all on a received photo?
If you have an image that has malicious code written into it using steganography would a screenshot of that image have functional malicious code as well? Or does the recapture transform the image data enough to scramble anything that was p… Continue reading Screenshots and steganography, can malicious code in image be copied?
How do people manage to hide malware inside an image using EXIF as discribed here:
https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html
Is EXIF a language?
Does my PHP, JS, or other have to be compiled?
Is it stil… Continue reading exif headers hiding malware? [closed]
The title says it all, I was wondering if some malicious code could be placed in the image file (the formats I am concerned with are JPEG, PNG and WEBP, basically the common formats available when you download from google), for example as … Continue reading Can using "Save Image As" on Google Images be dangerous? [duplicate]
Let’s say I share a screenshot of an area of interest (AOI) from Google Maps. Does that alone reveal the specific location of the AOI, even if it has no identifiers (roads, coordinates) on it? What if state/region is known along with the i… Continue reading Can specific location be determined from an aerial image?
I have this piece of HTML:
<img src=”image src” alt=”{injectable}” title=”{injectable}” border=”0″>
where {injectable} values correspond to the same input value that has to be 32 characters long. How can I trigger my XSS by an ext… Continue reading Triggering an XSS through a shortened URL?
I recently stumbled on multiple cases suggesting there’s a JPG/PNG exploit that is able to silently execute malicious code when simply viewing the image. I am looking for some insight as to whether this vulnerability requires the user to o… Continue reading Png/JPG exploit without opening the image?