- Download a JPG file that carries a cross-site scripting (XSS) payload from the PortSwigger blog page: https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
- Here is a direct link to the polyglot image: http://portswigger-labs.net/polyglot/jpeg/xss.jpg
- Using the OWASP WebGoat file upload functionality, we will plant an image that contains an XSS payload into the application.
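
For the defending side of this exercise, the following added example (not from the original page or from WebGoat) shows a check an upload handler could run on a JPEG before storing it: it walks the header segments and flags a JFIF header with a non-standard length or a comment segment holding script-like text. The function names, the token list and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Byte strings that do not belong in a JPEG comment (heuristic list, assumed here).
SCRIPT_TOKENS = (b"*/", b"/*", b"<script", b"javascript:")

def inspect_jpeg(data: bytes) -> list[str]:
    """Walk the marker segments before the image data and return findings."""
    if data[:2] != b"\xff\xd8":
        return ["not a JPEG: missing SOI marker"]
    findings, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected a marker, found 0x{data[pos]:02x}")
            break
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or SOS: no more header segments
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            findings.append(f"offset {pos}: segment length {length} is invalid")
            break
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE0 and body.startswith(b"JFIF\x00"):
            # A JFIF header is 16 bytes plus an optional RGB thumbnail.
            expected = 16 + 3 * body[12] * body[13] if len(body) >= 14 else None
            if length != expected:
                findings.append(f"offset {pos}: JFIF APP0 length {length}, expected {expected}")
        if marker == 0xFE and any(tok in body.lower() for tok in SCRIPT_TOKENS):
            findings.append(f"offset {pos}: comment segment contains script-like text")
        pos += 2 + length
    return findings

def seg(marker: int, body: bytes) -> bytes:
    """Build one marker segment (helper for the constructed samples below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed samples, not real images: headers only, no pixel data.
JFIF = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
CLEAN = b"\xff\xd8" + seg(0xE0, JFIF) + seg(0xFE, b"constructed sample") + b"\xff\xd9"
ODD = (b"\xff\xd8" + seg(0xE0, JFIF + b"\x00" * 48)
       + seg(0xFE, b"*/ PLACEHOLDER /*") + b"\xff\xd9")

if __name__ == "__main__":
    for name, sample in (("CLEAN", CLEAN), ("ODD", ODD)):
        print(name, inspect_jpeg(sample) or "no findings")
```

A structural check like this complements, rather than replaces, re-encoding uploaded images and serving them with a fixed image content type.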