Customize Gallery View
Use URL parameters to customize the image display:
?image=filename.jpg
Set image source
?caption=YourText
Set image caption
?alt=Description
Set alt text
?fallback=file.jpg
Fallback on error
?src=filename.jpg
Legacy image source
?action=code
Custom click action
?tooltip=Text
Tooltip text
Featured Image
Beautiful Sunset
Legacy Image Display
⚠️ Legacy mode with minimal validation
Legacy image system - uses ?src= parameter with reduced validation
Interactive Image
Click the image to test custom actions:
Use ?action= to set custom click behavior
🔍 Debug Information
Current parameters:
- image:
sunset.jpg - caption:
Beautiful Sunset - alt:
Image description - fallback:
fallback.jpg - src:
- action:
Tip: Open browser DevTools and inspect the generated HTML to see how parameters are reflected in different contexts.
💡 Exploitation Tips
- Attribute injection: Close the attribute with quote, inject new attribute
- Direct JS execution: Some event handlers allow direct JS code
- Trigger on error: Use invalid image URL to trigger onerror handler
- Quote styles matter: Single (') vs double (") quotes affect escaping
- Legacy parameters: Often have weaker validation (look for ?src=)