Here is an image:
But it is also an HTML page. Here is the markup for the above image:
<img src="http://lcamtuf.coredump.cx/squirrel/" />
Now try visiting that webpage:
Pretty cool, eh?
I did not make this. I am just showing you because it is cool.
Here is an explanation of what is happening:
- The file is a valid jpeg file with some html in metadata.
- The server responds with Content-Type: text/html, making browser interpret the response body as html.
- Browser ignores jpeg header until it sees and starts to render the html.
- The html in the jpeg metadata ends with "<!--" , which starts html comment.
- The html has that renders the file as image.
I found this hack fascinating, and I hope you did too.