Polyglot is a term defined as something that uses several languages. If we carry this concept into hacking, it means the creation of a cross-site scripting (XSS) attack vector by using different languages as execution points. For example, attackers can construct valid images and embed JavaScript with them. The placement of the JavaScript payload is usually in the comments section of an image. Once the image is loaded in a browser, the XSS content may execute, depending upon the strictness of the content-type declared by the web server and the interpretation of the content-type by the browser.
Uploading malicious files – polyglots
Getting ready
- Download a JPG file containing a cross-site scripting vulnerability...