png-exploitation

2 articles
sort: new top best
clear filter
bug-bounty448 google354 microsoft311 facebook262 xss238 apple179 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 supply-chain65 stored-xss65 authentication-bypass63 dos60 browser57 reflected-xss57 react50 cloudflare49 cross-site-scripting48 reverse-engineering48 input-validation48 access-control47 aws45 docker45 smart-contract45 node44 sql-injection43 ethereum43 web343 defi42 web-security42 web-application41 ssrf38 burp-suite35 idor34 vulnerability-disclosure34 info-disclosure33 race-condition33 html-injection33 cloud32 writeup32 oauth32 buffer-overflow32 smart-contract-vulnerability32 information-disclosure30
0 9/10
XSS on facebook via png content types
vulnerability

A critical XSS vulnerability on Facebook's CDN was achieved by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, then serving it with an .html extension to trigger HTML interpretation via MIME sniffing. The attacker leveraged document.domain to access the fb_dtsg CSRF token from www.facebook.com and bypass LinkShim protections.

xss content-type-sniffing cdn-security png-exploitation idat-chunk deflate-compression mime-type-bypass csrf-token-extraction document-domain link-shim-bypass facebook akamai image-upload payload-encoding
Facebook Akamai akamaihd.net fbcdn.net photo.facebook.com fnt.pe phwd
whitton.io · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 8/10
Researching Polymorphic Images for XSS on Google Scholar
vulnerability

A detailed technical writeup of discovering and exploiting polymorphic image-based XSS vulnerabilities on Google Scholar by embedding JavaScript payloads in JPEG/PNG metadata and entropy-coded segments that survive image processing transformations. The author developed techniques to bypass Google's image reprocessing backend and created a test suite for image library behavior analysis.

xss polymorphic-images image-processing exif-injection google-scholar file-upload imagemagick graphicsmagick libvips csp-bypass web-shell-concealment metadata-injection jpeg-exploitation png-exploitation vulnerability-research
Google Scholar Doyensec Lorenzo Stella ImageMagick GraphicsMagick Libvips Exiftool doyensec/StandardizedImageProcessingTest CVE-2023-21800
blog.doyensec.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details