- Take any application and log in to it.
- Go to the profile path.
- In the image upload parameter, upload an image whose filename is one of the payloads below.
"><img src=x onerror=alert(0)>.jpeg
"><img src=x onerror=alert(0)>.png
Now upload an image with one of the above payloads as its filename in any application and observe the changes.

Remediation: Sanitize image names before uploading them to applications.

Research by Jos Rohill
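One way to apply the remediation on the server side, as an added example that is not part of the original research. It assumes a Python backend; the function names `stored_name`, `display_name` and `render_label` are hypothetical, and HTML-encoding at output is added here as a second layer alongside the sanitizing the page recommends.

```python
import html
import os
import re
import secrets

# Allowlisted image types: extension -> leading magic bytes of the file.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

# Filename taken from the page's payload list, used only as sanitizer input.
SAMPLE = '"><img src=x onerror=alert(0)>.png'


def _basename(client_name: str) -> str:
    # Drop any directory part, whichever separator the client sent.
    return re.split(r"[\\/]", client_name)[-1]


def stored_name(client_name: str, data: bytes) -> str:
    """Name used on disk: random, with only an allowlisted extension kept."""
    ext = os.path.splitext(_basename(client_name))[1].lower()
    magic = MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        raise ValueError("unsupported or mismatched image type")
    return secrets.token_hex(16) + ext


def display_name(client_name: str, max_len: int = 100) -> str:
    """Name kept for display: reduced to a conservative character set."""
    stem, ext = os.path.splitext(_basename(client_name))
    stem = re.sub(r"[^A-Za-z0-9._ -]", "_", stem).strip(" .") or "image"
    ext = re.sub(r"[^A-Za-z0-9.]", "", ext).lower()
    return stem[:max_len] + ext


def render_label(name: str) -> str:
    """HTML-encode at the sink, so markup in a name is shown as text."""
    return '<span class="file">' + html.escape(name, quote=True) + "</span>"


if __name__ == "__main__":
    print(display_name(SAMPLE))
    print(render_label(SAMPLE))
    print(stored_name(SAMPLE, MAGIC[".png"] + b"\x00" * 8))
```

Storing the file under `stored_name` and showing only `display_name` through `render_label` means the client-supplied name never reaches a page unencoded.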