The SANS Penetration Testing blog has an excellent guest post by Chris Andre Dale describing a new zero-day Cross-Site Scripting (XSS) example.
The vulnerability is based on the EXIF data embedded in JPEG files: http://www.digital-photo-secrets.com/tip/38/what-is-exif/
You can view the EXIF data in Windows 7 by right-clicking the image, choosing Properties and then the Details tab. This is cumbersome, though!
Here are the details of an image shot with a Samsung camera phone.
This EXIF data can be used as an attack vector.
In the post Chris explains that exiftool.exe can be used to change data in the JPEG file (including the camera type), but the first thing he does is look at the EXIF data in a number of JPG files.
Unfortunately it looks like this is only a tame test. Chris says: "In the screenshot above I've successfully uploaded an image, by accessing it through its respective attachment page. Remember, I am using a harmless payload, just alerting a text message. This could be a completely stealthy attack payload if I wanted it to be. Let's dive further into the WordPress finding."
This is the result of testing on the Internet:
The moral of the story is: programmers must sanitize the data they render (use only the fields that are actually needed, and escape them), otherwise an attacker will eventually use it against you and slowly work their way into the site. Start taking this seriously or the hackers will pwn your site.
Contact us if this does not make sense; we can let you know whether your website is vulnerable and what you can do to fix it.
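To make the sanitization point concrete, here is an added example (my own code, not from the SANS post or from exiftool/WordPress). It builds a constructed, image-less JPEG whose EXIF "Make" tag carries the same kind of harmless alert payload Chris describes, parses the APP1/Exif segment with a small hand-written TIFF IFD reader, and then shows the vulnerable rendering pattern beside the hardened one: an allow-list of tags, a length cap, control-character stripping, and HTML escaping. The tag numbers are the standard EXIF/TIFF ones; the tag values and the `render_unsafe`/`render_safe` helpers are constructed for this demonstration.

```python
import html
import struct

# Standard EXIF/TIFF tag numbers for the ASCII fields used below
TAG_MAKE = 0x010F      # camera manufacturer
TAG_MODEL = 0x0110     # camera model
TAG_ARTIST = 0x013B    # photographer / artist
TAG_NAMES = {TAG_MAKE: "Make", TAG_MODEL: "Model", TAG_ARTIST: "Artist"}
TYPE_ASCII = 2         # TIFF field type for NUL-terminated ASCII


def build_jpeg_with_exif(fields):
    """Constructed test input: SOI + APP1/Exif segment + EOI, no image data.
    Each entry in `fields` ({tag: str}) becomes one ASCII IFD0 entry."""
    n = len(fields)
    entries, blob = b"", b""
    # IFD0 sits at TIFF offset 8; values longer than 4 bytes are stored after it
    data_start = 8 + 2 + 12 * n + 4
    for tag, text in sorted(fields.items()):
        value = text.encode("ascii") + b"\x00"
        if len(value) <= 4:   # short values live inline, left-justified
            entries += struct.pack(">HHI4s", tag, TYPE_ASCII, len(value), value.ljust(4, b"\x00"))
        else:                 # long values are referenced by offset from the TIFF header
            entries += struct.pack(">HHII", tag, TYPE_ASCII, len(value), data_start + len(blob))
            blob += value
    tiff = (b"MM" + struct.pack(">HI", 0x002A, 8)          # big-endian TIFF header
            + struct.pack(">H", n) + entries + struct.pack(">I", 0) + blob)
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xFF\xE1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xFF\xD8" + app1 + b"\xFF\xD9"


def _parse_tiff_ifd0(tiff):
    """Return {tag: str} for the ASCII entries of IFD0 inside a TIFF blob."""
    endian = {b"MM": ">", b"II": "<"}[tiff[:2]]
    magic, ifd_offset = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 0x002A:
        raise ValueError("bad TIFF header")
    (count,) = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])
    result = {}
    for i in range(count):
        off = ifd_offset + 2 + 12 * i
        tag, typ, n, raw = struct.unpack(endian + "HHI4s", tiff[off:off + 12])
        if typ != TYPE_ASCII:
            continue
        if n <= 4:
            value = raw[:n]
        else:
            (start,) = struct.unpack(endian + "I", raw)
            value = tiff[start:start + n]
        # Decode leniently: attacker-controlled bytes must not crash the parser
        result[tag] = value.rstrip(b"\x00").decode("ascii", errors="replace")
    return result


def parse_exif_ascii(jpeg):
    """Walk the JPEG marker segments and parse the first APP1/Exif segment found."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFD9:          # EOI: no more segments
            break
        segment = jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xFFE1 and segment.startswith(b"Exif\x00\x00"):
            return _parse_tiff_ifd0(segment[6:])
    return {}


ALLOWED_TAGS = {TAG_MAKE, TAG_MODEL}   # only the fields the page actually needs
MAX_LEN = 64


def sanitize_for_display(exif):
    """Allow-list tags, drop non-printable characters, cap length, HTML-escape."""
    safe = {}
    for tag, text in exif.items():
        if tag not in ALLOWED_TAGS:
            continue
        cleaned = "".join(ch for ch in text if ch.isprintable())[:MAX_LEN]
        safe[TAG_NAMES[tag]] = html.escape(cleaned, quote=True)
    return safe


def render_unsafe(exif):
    """The vulnerable pattern: raw EXIF strings dropped straight into HTML."""
    return "".join(f"<li>{TAG_NAMES.get(t, hex(t))}: {v}</li>" for t, v in exif.items())


def render_safe(exif):
    """The hardened pattern: render only the sanitized, escaped fields."""
    return "".join(f"<li>{k}: {v}</li>" for k, v in sanitize_for_display(exif).items())


# Constructed sample: a hostile Make tag, a normal Model tag, and an unneeded Artist tag
SAMPLE = build_jpeg_with_exif({
    TAG_MAKE: "Samsung<script>alert(1)</script>",
    TAG_MODEL: "GT-I9300",
    TAG_ARTIST: "not needed on the page",
})

if __name__ == "__main__":
    exif = parse_exif_ascii(SAMPLE)
    print("unsafe:", render_unsafe(exif))
    print("safe:  ", render_safe(exif))
```

Running it prints the unsafe rendering with a live `<script>` tag and the safe rendering with the markup escaped and the Artist field gone entirely. The real lesson is in `sanitize_for_display`: treat every EXIF string as untrusted input, keep only what the page needs, and escape at output time rather than trusting the camera.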