Uploaded images filter evasion for carrying out XSS attacks

This article is very old (first published in 25 dec 2007) but many things still work. This article describes how to inject javascript code into image file for making XSS attack in different web projects. Also here described methods for bypassing image filters and recomendations for preventing from this attacks.

Read more