I was able to add JavaScript code in there and it executed properly, but the browser won't parse the JPG as HTML unless I give it a .html filename extension. I don't see how this could be easily exploitable.
Is it possible for the file extension to say one thing and the MIME type to say something else? So the file extension could be .jpg (reassuring the user that it is only an image) but the HTTP response says it is text/html?
I think a similar exploit was used recently with .svg images - they can contain JavaScript (being XML) which will be executed by the browser. Not sure about the details, however.
> I think a similar exploit was used recently with .svg images - they can contain JavaScript (being XML) which will be executed by the browser. Not sure about the details, however.
However, the JavaScript shouldn't execute if the image is embedded via <img>.
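The two questions raised in this thread (can the extension say ".jpg" while the server answers with a different Content-Type, and does an SVG with embedded script get executed) both come down to the same server-side decision: what type the upload actually is and what headers it is served with. The following is an added example, not code from any poster in this thread, showing the check an upload handler should make: it derives the type from the file's magic bytes rather than from the filename, rejects JPEG/PNG/GIF files that carry HTML markup (polyglots), rejects SVG that contains `<script>`, `on*` event attributes or `javascript:` URLs, and builds response headers with `X-Content-Type-Options: nosniff` so the browser cannot second-guess the declared type. All filenames, byte strings, function names and thresholds are constructed for the example.

```python
import re

# Magic-byte signatures for the raster image types the (hypothetical) upload
# handler accepts. The type is decided from these bytes, never from the extension.
MAGIC = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}

# What the uploader's extension *claims*; used only to cross-check the sniffed type.
EXT_TO_TYPE = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".gif": "image/gif", ".svg": "image/svg+xml",
}

# Markup that a browser's MIME sniffer or a lenient parser will treat as HTML.
HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe|object|embed)\b", re.I)

# Active content inside an SVG: script elements, on* event handlers, javascript: URLs.
SVG_ACTIVE = re.compile(rb"<\s*script\b|\son[a-z]+\s*=|javascript\s*:", re.I)


def type_from_extension(filename):
    """MIME type the filename extension claims, or None if the extension is not allowed."""
    dot = filename.rfind(".")
    return EXT_TO_TYPE.get(filename[dot:].lower()) if dot != -1 else None


def sniff_type(data):
    """MIME type implied by the file content itself (magic bytes / XML root)."""
    for mime, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return mime
    head = data[:1024].lstrip()
    if (head.startswith(b"<?xml") or head.startswith(b"<svg")) and b"<svg" in data[:2048].lower():
        return "image/svg+xml"
    return None


def svg_has_active_content(data):
    """True if the SVG carries script, event-handler attributes or javascript: URLs."""
    return SVG_ACTIVE.search(data) is not None


def validate_upload(filename, data):
    """Return (accepted, content_type, reason). content_type is the *sniffed* type."""
    claimed = type_from_extension(filename)
    if claimed is None:
        return (False, None, "extension not allowed")
    actual = sniff_type(data)
    if actual != claimed:
        return (False, None, f"content is {actual or 'unknown'}, extension claims {claimed}")
    if actual == "image/svg+xml":
        if svg_has_active_content(data):
            return (False, None, "svg contains script, event handlers or javascript: URLs")
    elif HTML_MARKERS.search(data):
        # A valid JPEG header followed by HTML: exactly the polyglot discussed above.
        return (False, None, "html markup embedded in image (polyglot)")
    return (True, actual, "ok")


def response_headers(content_type):
    """Headers to serve a validated file with: declared type plus nosniff; CSP for SVG."""
    headers = {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}
    if content_type == "image/svg+xml":
        # Applies when the SVG is opened as a top-level document (via <img> script never runs).
        headers["Content-Security-Policy"] = "default-src 'none'; style-src 'unsafe-inline'"
    return headers


# Constructed sample uploads (not real files): bytes paired with the claimed filename.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9",
    "polyglot.jpg": b"\xff\xd8\xff\xe0<html><script>alert(1)</script></html>",
    "badge.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
    "evil.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><script>alert(2)</script></svg>',
    "notes.png": b"<html><body>hi</body></html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        ok, ctype, why = validate_upload(name, blob)
        print(f"{name:14} accepted={ok!s:5} type={ctype} ({why})")
        if ok:
            print("   headers:", response_headers(ctype))
```

The point of the design: the Content-Type sent to the browser is computed from `sniff_type`, so a ".jpg" name can never make the server answer `text/html`, and `nosniff` stops the browser from promoting a sniffable body to HTML on its own. For SVG, rejecting active content at upload time is the primary control; the CSP header is defense in depth for the case where someone opens the image URL directly rather than through `<img>`.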