I wonder how many file formats are subject to injection attacks? You could embed the entire universe in PDF, for example, and it would not change the file’s visual appearance at all.

Too many to count, basically anything, even text.

You can hide command and control instructions in text-only instagram posts.

https://boingboing.net/2017/06/07/watering-holes.html

Back when I still used Acrobat for PDFs it was shocking the amount of plugins it loaded and the performance penalty that they came with.

> The entire universe

Might affect the file size a little bit though...

And watch out with compression, or it may collapse into a black hole.

I'm interested in encoding data into image files.

The Cemetech TI-84+ calculator emulator uses image files to load the ROM from a phone.

https://www.cemetech.net/projects/jstified/

I couldn't load the ROM for some reason, until I synced the photo to my iPhone via iTunes over USB.

The image gets recompressed when doing a "Save to Camera Roll" or uploading to Facebook.

I did some more investigation with a checkerboard pattern, and was shocked at how quickly the image data was lost.

If there's a way to have error-correcting codes to recover data from an image, please let me know!

(the application for this is to load 9.9 MB of lyrics data into LocalStorage so a user can search songs with Pingtype, and I wouldn't need to host it on my own server where the lyrics are vulnerable to DMCA takedowns)

Is this a typical Wordpress attack goal? To just get more links and improve your Google PageRank?

What a world.

Yes. I've also seen attempts to steal data.

Must pay well.

I have shared my story in the article's comments how a virus affected our hosting company's server and had to move us on a newer one.

All of this from inside a .ico file...complete madness!

Ahhh, the good old days, inject javascript in gifs and see it run.

There are many non-printable characters that can be used to hide whatever you want in plain sight.