2138:
2069:
2463:-DICOM polyglot technique. The polyglot nature of the attack, combined with regulatory considerations, led to disinfection complications: because "the malware is essentially fused to legitimate imaging files", "incident response teams and A/V software cannot delete the malware file as it contains protected patient health information".
2487:
file format. This technique can be used to exploit security vulnerabilities, for example through uploading a GIFAR to a website that allows image uploading (as it is a valid GIF file), and then causing the Java portion of the GIFAR to be executed as though it were part of the website's intended code,
2448:
appears at byte offset zero, but many PDF interpreters waive this constraint and accept the file as valid PDF as long as the string appears within the first 1024 bytes. This creates a window of opportunity for polyglot PDF files to smuggle non-PDF content in the header of the file. The PDF format has
2426:
compose a malicious payload within an ostensibly benign and widely accepted wrapper format, such as a JPEG file that allows arbitrary data in its comment field. A vulnerable JPEG renderer could then be coerced into executing the payload, handing control to the attacker. The mismatch between what the
2612:
Bridges, Robert A.; Oesch, Sean; Verma, Miki E.; Iannacone, Michael D.; Huffer, Kelly M. T.; Jewell, Brian; Nichols, Jeff A.; Weber, Brian; Beaver, Justin M.; Smith, Jared M.; Scofield, Daniel; Miles, Craig; Plummer, Thomas; Daniell, Mark; Tall, Anne M. (2023). "Beyond the Hype: An
Evaluation of
146:
archive. To maintain validity across interpreting programs, one must ensure that constructs specific to one interpreter are not interpreted by another, and vice versa. This is often accomplished by hiding language-specific constructs in segments interpreted as comments or plain text of the other
141:
A polyglot is composed by combining syntax from two or more different formats, leveraging various syntactic constructs that are either common between the formats, or constructs that are language specific but carrying different meaning in each language. A file is a valid polyglot if it can be
2440:
Highly flexible or extensible file formats have greater scope for polyglotting, and therefore more tightly constrained interpretation offers some mitigation against attacks using polyglot techniques. For example, the PDF file format requires that the
2449:
been described as "diverse and vague", and due to significantly varying behaviour between different PDF parsing engines, it is possible to create a PDF-PDF polyglot that renders as two entirely different documents in two different PDF readers.
2436:
Note that in a security context, there is no requirement for a polyglot file to be strictly valid in multiple formats; it is sufficient for the file to trigger unintended behaviour when being interpreted by its primary interpreter.
2766:
Koch, Luke; Oesch, Sean; Chaulagain, Amul; Dixon, Jared; Dixon, Matthew; Huettal, Mike; Sadovnik, Amir; Watson, Cory; Weber, Brian; Hartman, Jacob; Patulski, Richard (2024). "On the Abuse and
Detection of Polyglot Files".
72:, though file formats and source code syntax are both fundamentally streams of bytes, and exploiting this commonality is key to the development of polyglots. Polyglot files have practical applications in
2056:
This allows creating Perl scripts that can be run on DOS systems with minimal effort. Note that there is no requirement for a file to perform exactly the same function in the different interpreters.
2414:
programming languages were not designed to be compatible with each other, but there is sufficient commonality of syntax that a polyglot Python program can be written than runs in both versions.
2433:
is a trivial form of polyglot, where a server naively expects user-controlled input to conform to a certain constraint, but the user supplies syntax which is interpreted as SQL code.
3177:
2847:
3122:
2495:
GIFARs are possible because GIF images store their header in the beginning of the file, and JAR files (as with any ZIP archive-based format) store their data at the end.
142:
successfully interpreted by multiple interpreting programs. For example, a PDF-Zip polyglot might be opened as both a valid PDF document and decompressed as a valid
2456:. In 2019, an evaluation of commercial anti-malware software determined that several such packages were unable to detect any of the polyglot malware under test.
3211:
114:
group rec.puzzles in 1991, supporting 8 languages, though this was inspired by even earlier programs. In 2000, a polyglot program was named a winner in the
3369:
2926:
3011:
2452:
Detecting malware concealed within polyglot files requires more sophisticated analysis than relying on file-type identification utilities such as
115:
2868:
2207:, and be written in well-formed XHTML. The same document can then be served as either HTML or XHTML, depending on browser support and MIME type.
3069:
2374:) cannot be self-closing even if they are empty, as this is not valid HTML. For example, to add an empty textarea to a page, one cannot use
3099:
2948:
Desjardins, Benoit; Mirsky, Yisroel; Ortiz, Markel Picado; Glozman, Zeev; Tarbox, Lawrence; Horn, Robert; Horii, Steven C. (April 2020).
3168:
2667:
Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the
Detection of Polyglot Files".
3268:
3393:
3141:
2573:
3038:
3328:
2844:
2985:
2895:
3464:
165:
3406:
2587:
2398:
files, allowing efficient storage of the same image data in a file that can be interpreted by either DICOM or TIFF viewers.
2507:, referring to the practise of building systems using multiple programming languages, but not necessarily in the same file.
3449:
3340:
3292:
3126:
34:
3251:
2788:
2744:
2688:
771:
3430:
3203:
2442:
2823:
2204:
160:
Two commonly used techniques for constructing a polyglot program are to make use of languages that use different
85:
3366:
3381:
3336:
3300:
2718:
3280:
3239:
2918:
683:
61:
2427:
interpreting program expects, and what the file actually contains, is the root cause of the vulnerability.
3459:
130:
73:
3007:
2196:
161:
2459:
In 2019, the DICOM medical imaging file format was found to be vulnerable to malware injection using a
2864:
3454:
2510:
731:
38:
2460:
168:, and to redefine various tokens as others in different languages. These are demonstrated in this
2977:
2768:
2668:
2640:
2622:
2579:
2558:
Proceedings of the 2013 ACM SIGSAC conference on
Computer & communications security - CCS '13
2489:
3418:
3091:
3061:
3352:
2969:
2569:
2527:
2484:
2411:
2407:
181:
143:
77:
3315:
2961:
2632:
2561:
30:
3434:
3422:
3416:
A PDF-MP3 polyglot, being a PDF document which is also an MP3 audio version of its content
3410:
3373:
3332:
3284:
3272:
3265:
3255:
3243:
2851:
81:
46:
3145:
2230:
Element syntax (i.e. End tags are not optional. Use self-closing tags for void elements.)
3034:
2453:
2124:, where a secondary file format is hidden within null-padded areas of the primary file.
735:
676:
122:
103:
3325:
2137:
2112:
where a secondary file format is hidden within comment fields in a primary file format
2068:
3443:
2981:
2949:
2644:
2430:
2423:
2218:
Processing instructions and the XML declaration are both forbidden in polyglot markup
2203:
document to meet these criteria, the two requirements are that it must have an HTML5
727:
722:
169:
97:
2583:
753:
function is defined but not called and in C there is no need to explicitly call the
2891:
2214:, to write a polyglot HTML5 document, the following key points should be observed:
669:
3403:
3248:
2792:
2692:
2553:
2252:
The most basic possible polyglot markup document would therefore look like this:
65:
42:
16:
Computer program or file valid in multiple programming languages or file formats
558:
echo "\010Hello, world!\n";// 2> /dev/null > /dev/null \ ;
3385:
3344:
3308:
3304:
3260:
2492:. Java was patched in JRE 6 Update 11, with a CVE published in December 2008.
739:
3008:"Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images"
2740:
3389:
3312:
2565:
775:
22:
2973:
3427:
2965:
2514:
704:" is valid in both PHP and bash; C #defines are used to convert it into "
57:
3397:
3360:
3296:
2819:
126:
121:
In the 21st century, polyglot programs and files gained attention as a
106:
since at least the early 1990s. A notable early example, named simply
3428:
PoC||GTFO, a security publication published as polyglot PDF documents
2552:
Jonas
Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013).
767:
173:
111:
53:
is composed by combining syntax from two or more different formats.
2714:
2636:
2236:
Text (i.e. pre and textarea should not start with newline character)
3277:
2845:
Polyglot Markup: HTML-Compatible XHTML Documents: 6.4 Void
Elements
2773:
2673:
2627:
3288:
2613:
Commercially
Available Machine-Learning-Based Malware Detectors".
2391:
2200:
2181:
2177:
2118:
where two files are mutually arranged within each others' comments
779:
3236:
711:
Comment indicators can be combined to perform various operations.
3377:
3356:
3319:
2395:
2186:
1936:
102:
Polyglot programs have been crafted as challenges and curios in
2394:
medical imaging format was designed to allow polyglotting with
1778:;OneKeyInput Input('Char', 1, '') ; Char
3348:
2480:
2192:
2132:
2063:
1932:
177:
2176:
has been proposed as a useful combination of the benefits of
1919:; Wishing to refine it with new language ? Go on !
3237:
CSE HTML Validator for
Windows with polyglot markup support
2820:"Polyglot Markup: A robust profile of the HTML5 vocabulary"
2242:
Named entity references (i.e. Only amp, lt, gt, apos, quot)
3415:
2362:
In a polyglot markup document non-void elements (such as
745:
The final three lines are only used by bash, to call the
3176:(M.Sc). Norwegian University of Science and Technology.
2184:. Such documents can be parsed as either HTML (which is
1868:"'Hello, World !' in 4 languages"
1608:"'Hello, World !' in 4 languages"
2149:
2106:, where multiple files are concatenated with each other
2080:
672:
statement in C, but is a comment in both bash and PHP.
2741:"15th International Obfuscated C Code Contest (2000)"
37:(or other file) written in a valid form of multiple
2479:) is a polyglot file that is simultaneously in the
2199:structure either way. For example, in order for an
2892:"Cheat Sheet: Writing Python 2-3 compatible code"
129:. Polyglot files have practical applications in
3123:"A photo that can steal your online credentials"
2607:
2605:
734:except for its omission of brackets (which the
3170:Polyglot Programming - A Business Perspective
762:SNOBOL4, Win32Forth, PureBasicv4.x, and REBOL
8:
718:" is a valid statement in both bash and PHP.
675:"//" is a comment in both PHP and C and the
1512:'Char', 1, '') ; Char
766:The following is written simultaneously in
2950:"DICOM Images Have Been Hacked! Now What?"
2547:
2545:
2543:
2221:Specifying a document’s character encoding
415:// 2> /dev/null > /dev/null \ ;
3142:"Billy (BK) Rios » SUN Fixes GIFARs"
2772:
2672:
2626:
2473:Graphics Interchange Format Java Archives
2245:Comments (i.e. Use <!-- syntax -->)
1748:; .( Hello, world !) @ To Including?
686:is used to eliminate undesirable outputs.
2715:"Polyglot: A program in eight languages"
2488:being delivered to the browser from the
2272:"http://www.w3.org/1999/xhtml"
1874:"Developed in 2010 by Society"
1614:"Developed in 2010 by Society"
2539:
2239:Attributes (i.e. Values must be quoted)
116:International Obfuscated C Code Contest
2662:
2660:
2658:
2656:
2654:
2615:Digital Threats: Research and Practice
3261:A polyglot in 451 different languages
3014:from the original on 5 September 2022
2988:from the original on 5 September 2022
2898:from the original on 6 September 2022
2871:from the original on 5 September 2022
2814:
2812:
2810:
2747:from the original on 6 September 2022
2721:from the original on 6 September 2022
2590:from the original on 5 September 2022
2248:Scripting and styling polyglot markup
7:
3266:A polyglot in 16 different languages
2313:The title element must not be empty.
45:. The name was coined by analogy to
3367:A polyglot in 6 different languages
3326:A polyglot in 7 different languages
3278:A polyglot in 8 different languages
2929:from the original on 9 October 2022
2865:"DICOM-TIFF dual personality files"
1935:batch file, then re-runs itself in
697:" PHP indicators still have effect.
630:/* 2> /dev/null | grep -v true*/
511:/* 2> /dev/null | grep -v true*/
3214:from the original on 5 August 2019
3204:"Analyzing Polyglot Microservices"
3202:Gupta, Tripta (19 December 2018).
3121:McMillan, Robert (1 August 2008).
3102:from the original on 20 April 2021
2826:from the original on 9 August 2022
689:Even on commented out lines, the "
564:$ x=5; // 2> /dev/null \ ;
14:
3183:from the original on 4 March 2016
3072:from the original on 6 March 2023
3060:Eckel, Benjamin (5 August 2008).
3041:from the original on 6 March 2023
2954:American Journal of Roentgenology
2923:27th Chaos Communication Congress
2854:. W3C Editor's Draft 9 July 2012.
2380:<textarea></textarea>
3140:Rios, Billy (17 December 2008).
2136:
2067:
2022:perl "%~dpnx0" %*
738:adds if this is compiled with a
56:When the file formats are to be
3125:. Infoworld.com. Archived from
3062:"The GIFAR Image Vulnerability"
2917:Wolf, Julia (9 February 2011).
1883:"Hello, world !"
1829:"Hello, world !"
1775:"Hello, World !"
1623:"Hello, world !"
1569:"Hello, world !"
1497:"Hello, World !"
1037:"Hello, world !"
857:"Hello, World !"
205:"\010Hello, world!\n"
68:, the file can be said to be a
2422:A polyglot of two formats may
1:
2789:"Benefits of polyglot XHTML5"
2689:"Benefits of polyglot XHTML5"
1931:The following file runs as a
591:#define main() int main(void)
472:#define main() int main(void)
315:#define main() int main(void)
125:mechanism for propagation of
2212:html-polyglot recommendation
2195:, and will produce the same
3249:Benefits of polyglot XHTML5
2040:"Hello, world!\n"
1989:"Hello, world!\n"
433:// 2> /dev/null \ ;
340:"Hello, world!\n"
3481:
730:which is identical to the
214:>/dev/null>/dev/null
95:
3404:List of generic polyglots
3242:18 September 2022 at the
1945:Highlighted for DOS batch
80:risk when used to bypass
76:, but can also present a
3167:Fjeldberg, Hans (2008).
2254:
2099:Polyglot types include:
2007:
1948:
1736:
1413:
1138:
791:
570:// 2> /dev/null; then
561:// 2> /dev/null; x=a;
546:
469:#include <stdio.h>
448:// 2> /dev/null; then
418:// 2> /dev/null; x=a;
382:
312:#include <stdio.h>
193:
98:History of steganography
3372:2 November 2008 at the
3254:12 October 2011 at the
3035:"How to Create a GIFAR"
2566:10.1145/2508859.2516685
1927:DOS batch file and Perl
3409:13 August 2003 at the
2850:2 October 2012 at the
2513:is similar, but about
1156:( Hello, world !)
788:Highlighted for SNOBOL
594:#define printf printf(
576:// 2> /dev/null; fi
475:#define printf printf(
460:// 2> /dev/null; fi
318:#define printf printf(
3465:Computer file formats
3331:26 April 2012 at the
3283:3 August 2003 at the
3129:on 18 September 2020.
2418:Security implications
2257:<!DOCTYPE html>
1733:Highlighted for REBOL
1410:Highlighted for BASIC
1195:Input('Char',
1135:Highlighted for Forth
749:function. In PHP the
110:was published on the
39:programming languages
3450:Computer programming
3433:24 June 2018 at the
3421:30 June 2022 at the
2966:10.2214/AJR.19.21958
2560:. pp. 753–764.
2511:Polyglot persistence
2505:Polyglot programming
2210:As expressed by the
2004:Highlighted for Perl
1954:rem = ' --PERL--
668:A hash sign marks a
664:Note the following:
579:#define e ?>
463:#define e ?>
306:#define e ?>
190:Highlighted for Bash
172:polyglot written in
3271:14 May 2013 at the
3098:. 4 December 2008.
3033:Byrd, Christopher.
2499:Related terminology
1252:PrintN("Hello,
944:PrintN("Hello,
618:"Hello, world!
499:"Hello, world!
379:Highlighted for PHP
2795:on 12 October 2011
2695:on 12 October 2011
2424:steganographically
2148:. You can help by
2079:. You can help by
1856:SomeDummyMacroHere
1596:SomeDummyMacroHere
1360:system/ports/input
1351:system/ports/input
1279:SomeDummyMacroHere
708:" at compile time.
3010:. 17 April 2019.
2528:Quine (computing)
2386:Composing formats
2378:, but has to use
2376:<textarea/>
2166:
2165:
2097:
2096:
1291:"'Hello,
989:"'Hello,
974:omeDummyMacroHere
543:Highlighted for C
3472:
3316:machine language
3224:
3223:
3221:
3219:
3199:
3193:
3192:
3190:
3188:
3182:
3175:
3164:
3158:
3157:
3155:
3153:
3148:on 14 March 2016
3144:. Archived from
3137:
3131:
3130:
3118:
3112:
3111:
3109:
3107:
3088:
3082:
3081:
3079:
3077:
3057:
3051:
3050:
3048:
3046:
3030:
3024:
3023:
3021:
3019:
3004:
2998:
2997:
2995:
2993:
2945:
2939:
2938:
2936:
2934:
2914:
2908:
2907:
2905:
2903:
2887:
2881:
2880:
2878:
2876:
2861:
2855:
2842:
2836:
2835:
2833:
2831:
2816:
2805:
2804:
2802:
2800:
2791:. Archived from
2785:
2779:
2778:
2776:
2763:
2757:
2756:
2754:
2752:
2737:
2731:
2730:
2728:
2726:
2711:
2705:
2704:
2702:
2700:
2691:. Archived from
2685:
2679:
2678:
2676:
2664:
2649:
2648:
2630:
2609:
2600:
2599:
2597:
2595:
2549:
2447:
2381:
2377:
2373:
2369:
2365:
2358:
2355:
2352:
2349:
2346:
2343:
2340:
2337:
2334:
2331:
2328:
2325:
2322:
2319:
2316:
2312:
2309:
2306:
2303:
2300:
2297:
2294:
2291:
2288:
2285:
2282:
2279:
2276:
2273:
2270:
2267:
2264:
2261:
2258:
2190:
2161:
2158:
2140:
2133:
2092:
2089:
2071:
2064:
2050:
2047:
2044:
2041:
2038:
2035:
2032:
2029:
2026:
2023:
2020:
2017:
2014:
2011:
1997:
1994:
1990:
1986:
1983:
1980:
1977:
1974:
1971:
1968:
1965:
1961:
1958:
1955:
1952:
1920:
1917:
1914:
1911:
1908:
1905:
1902:
1899:
1896:
1893:
1890:
1887:
1884:
1881:
1878:
1875:
1872:
1869:
1866:
1863:
1860:
1857:
1854:
1851:
1848:
1845:
1842:
1839:
1836:
1833:
1830:
1827:
1824:
1821:
1818:
1815:
1812:
1809:
1806:
1803:
1800:
1797:
1794:
1791:
1788:
1785:
1782:
1779:
1776:
1773:
1770:
1767:
1764:
1761:
1758:
1755:
1752:
1749:
1746:
1743:
1740:
1726:
1723:
1720:
1717:
1714:
1711:
1708:
1705:
1702:
1699:
1696:
1693:
1690:
1687:
1684:
1681:
1678:
1675:
1672:
1669:
1666:
1663:
1660:
1657:
1654:
1651:
1648:
1645:
1642:
1639:
1636:
1633:
1630:
1627:
1624:
1621:
1618:
1615:
1612:
1609:
1606:
1603:
1600:
1597:
1594:
1591:
1588:
1585:
1582:
1579:
1576:
1573:
1570:
1567:
1564:
1561:
1558:
1555:
1552:
1549:
1546:
1543:
1540:
1537:
1534:
1531:
1528:
1525:
1522:
1519:
1516:
1513:
1510:
1507:
1504:
1501:
1498:
1495:
1492:
1489:
1486:
1483:
1480:
1477:
1474:
1471:
1468:
1465:
1462:
1459:
1456:
1453:
1450:
1447:
1444:
1441:
1438:
1435:
1432:
1429:
1426:
1423:
1420:
1417:
1403:
1400:
1397:
1394:
1391:
1388:
1385:
1382:
1379:
1376:
1373:
1370:
1367:
1364:
1361:
1358:
1355:
1352:
1349:
1346:
1343:
1340:
1337:
1334:
1331:
1328:
1325:
1322:
1319:
1316:
1313:
1310:
1307:
1304:
1301:
1298:
1295:
1292:
1289:
1286:
1283:
1280:
1277:
1274:
1271:
1268:
1265:
1262:
1259:
1256:
1253:
1250:
1247:
1244:
1241:
1238:
1235:
1232:
1229:
1226:
1223:
1220:
1217:
1214:
1211:
1208:
1205:
1202:
1199:
1196:
1193:
1190:
1187:
1184:
1181:
1178:
1175:
1172:
1169:
1166:
1163:
1160:
1157:
1154:
1151:
1148:
1145:
1142:
1128:
1125:
1122:
1119:
1116:
1113:
1110:
1107:
1104:
1101:
1098:
1095:
1092:
1089:
1086:
1083:
1080:
1077:
1074:
1071:
1068:
1065:
1062:
1059:
1056:
1053:
1050:
1047:
1044:
1041:
1038:
1035:
1032:
1029:
1026:
1023:
1020:
1017:
1014:
1011:
1008:
1005:
1002:
999:
996:
993:
990:
987:
984:
981:
978:
975:
972:
969:
966:
963:
960:
957:
954:
951:
948:
945:
942:
939:
936:
933:
930:
927:
924:
921:
918:
915:
912:
909:
906:
903:
900:
897:
894:
891:
888:
885:
882:
879:
876:
873:
870:
867:
864:
861:
858:
855:
852:
849:
846:
843:
840:
837:
834:
831:
828:
825:
822:
819:
816:
813:
810:
807:
804:
801:
798:
795:
756:
752:
748:
725:
717:
707:
703:
696:
692:
658:
655:
652:
649:
646:
643:
640:
637:
634:
631:
628:
625:
622:
619:
616:
613:
610:
607:
604:
601:
600:#define function
598:
595:
592:
589:
586:
583:
580:
577:
574:
571:
568:
565:
562:
559:
556:
553:
550:
536:
533:
530:
527:
524:
521:
518:
515:
512:
509:
506:
503:
500:
497:
494:
491:
488:
485:
482:
481:#define function
479:
476:
473:
470:
467:
464:
461:
458:
455:
452:
449:
446:
443:
440:
437:
434:
431:
428:
425:
422:
419:
416:
413:
410:
407:
404:
401:
398:
395:
392:
389:
386:
372:
368:
365:
362:
359:
356:
353:
349:
345:
341:
338:
335:
332:
328:
325:
324:#define function
322:
319:
316:
313:
310:
307:
304:
301:
297:
293:
290:
287:
284:
281:
277:
273:
270:
267:
264:
261:
258:
254:
250:
247:
244:
241:
238:
234:
231:
228:
224:
220:
217:
213:
209:
206:
203:
200:
197:
156:C, PHP, and Bash
109:
84:or to exploit a
70:polyglot program
31:computer program
3480:
3479:
3475:
3474:
3473:
3471:
3470:
3469:
3440:
3439:
3435:Wayback Machine
3423:Wayback Machine
3411:Wayback Machine
3374:Wayback Machine
3333:Wayback Machine
3285:Wayback Machine
3273:Wayback Machine
3256:Wayback Machine
3244:Wayback Machine
3233:
3228:
3227:
3217:
3215:
3201:
3200:
3196:
3186:
3184:
3180:
3173:
3166:
3165:
3161:
3151:
3149:
3139:
3138:
3134:
3120:
3119:
3115:
3105:
3103:
3092:"CVE-2008-5343"
3090:
3089:
3085:
3075:
3073:
3059:
3058:
3054:
3044:
3042:
3032:
3031:
3027:
3017:
3015:
3006:
3005:
3001:
2991:
2989:
2947:
2946:
2942:
2932:
2930:
2916:
2915:
2911:
2901:
2899:
2890:Schofield, Ed.
2889:
2888:
2884:
2874:
2872:
2863:
2862:
2858:
2852:Wayback Machine
2843:
2839:
2829:
2827:
2818:
2817:
2808:
2798:
2796:
2787:
2786:
2782:
2765:
2764:
2760:
2750:
2748:
2739:
2738:
2734:
2724:
2722:
2713:
2712:
2708:
2698:
2696:
2687:
2686:
2682:
2666:
2665:
2652:
2637:10.1145/3567432
2611:
2610:
2603:
2593:
2591:
2576:
2551:
2550:
2541:
2536:
2524:
2501:
2469:
2445:
2420:
2404:
2388:
2379:
2375:
2371:
2367:
2363:
2360:
2359:
2356:
2353:
2350:
2347:
2344:
2341:
2338:
2335:
2332:
2329:
2326:
2323:
2320:
2317:
2314:
2310:
2307:
2304:
2301:
2298:
2295:
2292:
2289:
2286:
2283:
2280:
2277:
2274:
2271:
2268:
2265:
2262:
2259:
2256:
2233:Element content
2185:
2174:Polyglot markup
2171:
2169:Polyglot markup
2162:
2156:
2153:
2146:needs expansion
2131:
2093:
2087:
2084:
2077:needs expansion
2062:
2054:
2053:
2052:
2051:
2048:
2045:
2042:
2039:
2036:
2033:
2030:
2027:
2024:
2021:
2018:
2015:
2012:
2009:
2000:
1999:
1998:
1995:
1992:
1988:
1984:
1981:
1978:
1975:
1972:
1969:
1966:
1963:
1959:
1956:
1953:
1950:
1929:
1924:
1923:
1922:
1921:
1918:
1915:
1912:
1909:
1906:
1903:
1900:
1897:
1894:
1891:
1888:
1885:
1882:
1879:
1876:
1873:
1870:
1867:
1864:
1861:
1858:
1855:
1852:
1849:
1846:
1843:
1840:
1837:
1834:
1831:
1828:
1825:
1822:
1819:
1816:
1813:
1810:
1807:
1804:
1801:
1798:
1795:
1792:
1789:
1786:
1783:
1780:
1777:
1774:
1771:
1768:
1765:
1762:
1759:
1756:
1753:
1750:
1747:
1744:
1741:
1738:
1729:
1728:
1727:
1724:
1721:
1718:
1715:
1712:
1709:
1706:
1703:
1700:
1697:
1694:
1691:
1688:
1685:
1682:
1679:
1676:
1673:
1670:
1667:
1664:
1661:
1658:
1655:
1652:
1649:
1646:
1643:
1640:
1637:
1634:
1631:
1628:
1625:
1622:
1619:
1616:
1613:
1610:
1607:
1604:
1601:
1598:
1595:
1592:
1589:
1586:
1583:
1580:
1577:
1574:
1571:
1568:
1565:
1562:
1559:
1556:
1553:
1550:
1547:
1544:
1541:
1538:
1535:
1532:
1529:
1526:
1523:
1520:
1517:
1514:
1511:
1508:
1505:
1502:
1499:
1496:
1493:
1490:
1487:
1484:
1481:
1478:
1475:
1472:
1469:
1466:
1463:
1460:
1457:
1454:
1451:
1448:
1445:
1442:
1439:
1436:
1433:
1430:
1427:
1424:
1421:
1418:
1415:
1406:
1405:
1404:
1401:
1398:
1395:
1392:
1389:
1386:
1383:
1380:
1377:
1374:
1371:
1368:
1365:
1362:
1359:
1356:
1353:
1350:
1347:
1344:
1341:
1338:
1335:
1332:
1329:
1326:
1323:
1320:
1317:
1314:
1312:"Developed
1311:
1308:
1306:languages"
1305:
1302:
1299:
1296:
1293:
1290:
1287:
1284:
1281:
1278:
1275:
1272:
1269:
1266:
1263:
1260:
1257:
1254:
1251:
1248:
1245:
1242:
1239:
1236:
1233:
1230:
1227:
1224:
1221:
1218:
1215:
1212:
1209:
1206:
1203:
1200:
1197:
1194:
1191:
1188:
1185:
1182:
1179:
1176:
1173:
1170:
1167:
1164:
1161:
1158:
1155:
1152:
1149:
1146:
1143:
1140:
1131:
1130:
1129:
1126:
1123:
1120:
1117:
1114:
1111:
1108:
1105:
1102:
1099:
1096:
1093:
1090:
1087:
1084:
1081:
1078:
1075:
1072:
1069:
1066:
1063:
1060:
1057:
1054:
1051:
1048:
1045:
1042:
1039:
1036:
1033:
1030:
1027:
1024:
1021:
1018:
1015:
1013:"Developed
1012:
1009:
1006:
1004:languages"
1003:
1000:
997:
994:
991:
988:
985:
982:
979:
976:
973:
970:
967:
964:
961:
958:
955:
952:
949:
946:
943:
940:
937:
934:
931:
928:
925:
922:
919:
916:
913:
910:
907:
904:
901:
898:
895:
892:
889:
886:
883:
880:
877:
874:
871:
868:
865:
862:
859:
856:
853:
850:
847:
844:
841:
838:
835:
832:
829:
826:
823:
820:
817:
814:
811:
808:
805:
802:
799:
796:
793:
764:
754:
750:
746:
721:
715:
705:
702:function main()
701:
700:The statement "
694:
690:
662:
661:
660:
659:
656:
653:
650:
647:
644:
641:
638:
635:
632:
629:
626:
623:
620:
617:
614:
611:
608:
605:
602:
599:
596:
593:
590:
588:<stdio.h>
587:
584:
581:
578:
575:
572:
569:
566:
563:
560:
557:
554:
551:
548:
539:
538:
537:
534:
531:
528:
525:
522:
519:
516:
513:
510:
507:
504:
501:
498:
495:
492:
489:
486:
483:
480:
477:
474:
471:
468:
465:
462:
459:
456:
453:
450:
447:
444:
441:
438:
435:
432:
429:
426:
423:
420:
417:
414:
411:
408:
405:
402:
399:
396:
393:
390:
387:
384:
375:
374:
373:
370:
366:
363:
360:
357:
354:
351:
347:
343:
339:
336:
333:
330:
326:
323:
320:
317:
314:
311:
308:
305:
302:
299:
295:
291:
288:
285:
282:
279:
275:
271:
268:
265:
262:
259:
256:
252:
248:
245:
242:
239:
236:
232:
229:
226:
222:
218:
215:
211:
207:
204:
201:
198:
195:
158:
153:
139:
107:
100:
94:
47:multilingualism
17:
12:
11:
5:
3478:
3476:
3468:
3467:
3462:
3457:
3452:
3442:
3441:
3438:
3437:
3425:
3413:
3401:
3364:
3323:
3275:
3263:
3258:
3246:
3232:
3231:External links
3229:
3226:
3225:
3194:
3159:
3132:
3113:
3083:
3052:
3025:
2999:
2960:(4): 727–735.
2940:
2909:
2882:
2856:
2837:
2806:
2780:
2758:
2732:
2706:
2680:
2650:
2601:
2574:
2538:
2537:
2535:
2532:
2531:
2530:
2523:
2520:
2519:
2518:
2508:
2500:
2497:
2468:
2465:
2419:
2416:
2403:
2400:
2387:
2384:
2255:
2250:
2249:
2246:
2243:
2240:
2237:
2234:
2231:
2228:
2225:
2222:
2219:
2170:
2167:
2164:
2163:
2157:September 2022
2143:
2141:
2130:
2127:
2126:
2125:
2119:
2113:
2107:
2095:
2094:
2088:September 2022
2074:
2072:
2061:
2058:
2025:goto endofperl
2016:' --PERL--
2008:
2001:
1987:#!perl print
1949:
1942:
1941:
1928:
1925:
1737:
1730:
1414:
1407:
1139:
1132:
872:'Char'
792:
785:
784:
763:
760:
759:
758:
743:
736:C preprocessor
719:
712:
709:
706:int main(void)
698:
687:
680:
677:root directory
673:
597:#define true )
547:
540:
478:#define true )
383:
376:
321:#define true )
194:
187:
186:
157:
154:
152:
149:
138:
135:
123:covert channel
104:hacker culture
93:
90:
15:
13:
10:
9:
6:
4:
3:
2:
3477:
3466:
3463:
3461:
3460:Steganography
3458:
3456:
3453:
3451:
3448:
3447:
3445:
3436:
3432:
3429:
3426:
3424:
3420:
3417:
3414:
3412:
3408:
3405:
3402:
3399:
3395:
3391:
3387:
3383:
3379:
3375:
3371:
3368:
3365:
3362:
3358:
3354:
3350:
3346:
3342:
3338:
3334:
3330:
3327:
3324:
3321:
3317:
3314:
3310:
3306:
3302:
3298:
3294:
3290:
3286:
3282:
3279:
3276:
3274:
3270:
3267:
3264:
3262:
3259:
3257:
3253:
3250:
3247:
3245:
3241:
3238:
3235:
3234:
3230:
3213:
3209:
3205:
3198:
3195:
3179:
3172:
3171:
3163:
3160:
3147:
3143:
3136:
3133:
3128:
3124:
3117:
3114:
3101:
3097:
3096:cve.mitre.org
3093:
3087:
3084:
3071:
3067:
3063:
3056:
3053:
3040:
3036:
3029:
3026:
3013:
3009:
3003:
3000:
2987:
2983:
2979:
2975:
2971:
2967:
2963:
2959:
2955:
2951:
2944:
2941:
2928:
2924:
2920:
2919:"OMG WTF PDF"
2913:
2910:
2897:
2893:
2886:
2883:
2870:
2866:
2860:
2857:
2853:
2849:
2846:
2841:
2838:
2825:
2821:
2815:
2813:
2811:
2807:
2794:
2790:
2784:
2781:
2775:
2770:
2762:
2759:
2746:
2742:
2736:
2733:
2720:
2716:
2710:
2707:
2694:
2690:
2684:
2681:
2675:
2670:
2663:
2661:
2659:
2657:
2655:
2651:
2646:
2642:
2638:
2634:
2629:
2624:
2620:
2616:
2608:
2606:
2602:
2589:
2585:
2581:
2577:
2575:9781450324779
2571:
2567:
2563:
2559:
2555:
2548:
2546:
2544:
2540:
2533:
2529:
2526:
2525:
2521:
2516:
2512:
2509:
2506:
2503:
2502:
2498:
2496:
2493:
2491:
2486:
2482:
2478:
2474:
2466:
2464:
2462:
2457:
2455:
2450:
2444:
2438:
2434:
2432:
2431:SQL Injection
2428:
2425:
2417:
2415:
2413:
2409:
2402:Compatibility
2401:
2399:
2397:
2393:
2385:
2383:
2253:
2247:
2244:
2241:
2238:
2235:
2232:
2229:
2226:
2223:
2220:
2217:
2216:
2215:
2213:
2208:
2206:
2202:
2198:
2194:
2188:
2183:
2179:
2175:
2168:
2160:
2151:
2147:
2144:This section
2142:
2139:
2135:
2134:
2128:
2123:
2120:
2117:
2114:
2111:
2108:
2105:
2102:
2101:
2100:
2091:
2082:
2078:
2075:This section
2073:
2070:
2066:
2065:
2059:
2057:
2006:
2005:
1947:
1946:
1940:
1938:
1934:
1926:
1735:
1734:
1412:
1411:
1324:Society"
1246:OpenConsole()
1137:
1136:
938:OpenConsole()
790:
789:
783:
781:
777:
773:
769:
761:
744:
741:
737:
733:
729:
728:shell builtin
724:
720:
713:
710:
699:
688:
685:
681:
678:
674:
671:
667:
666:
665:
545:
544:
403:Hello, world!
381:
380:
346:>/dev/null
298:>/dev/null
278:>/dev/null
255:>/dev/null
225:>/dev/null
192:
191:
185:
183:
179:
175:
171:
170:public domain
167:
163:
155:
150:
148:
145:
136:
134:
132:
131:compatibility
128:
124:
119:
117:
113:
105:
99:
91:
89:
87:
86:vulnerability
83:
79:
75:
74:compatibility
71:
67:
63:
59:
54:
52:
51:polyglot file
48:
44:
40:
36:
32:
28:
24:
19:
3376:(written in
3335:(written in
3287:(written in
3216:. Retrieved
3207:
3197:
3185:. Retrieved
3169:
3162:
3150:. Retrieved
3146:the original
3135:
3127:the original
3116:
3104:. Retrieved
3095:
3086:
3074:. Retrieved
3065:
3055:
3043:. Retrieved
3028:
3016:. Retrieved
3002:
2990:. Retrieved
2957:
2953:
2943:
2931:. Retrieved
2922:
2912:
2900:. Retrieved
2885:
2873:. Retrieved
2859:
2840:
2828:. Retrieved
2797:. Retrieved
2793:the original
2783:
2761:
2749:. Retrieved
2735:
2723:. Retrieved
2709:
2697:. Retrieved
2693:the original
2683:
2618:
2614:
2592:. Retrieved
2557:
2504:
2494:
2476:
2472:
2470:
2467:GIFAR attack
2458:
2451:
2443:magic number
2439:
2435:
2429:
2421:
2405:
2389:
2361:
2290:""
2281:""
2251:
2211:
2209:
2173:
2172:
2154:
2150:adding to it
2145:
2121:
2115:
2109:
2103:
2098:
2085:
2081:adding to it
2076:
2055:
2003:
2002:
1991:; __END__
1944:
1943:
1930:
1910:/ports/input
1898:/ports/input
1732:
1731:
1409:
1408:
1333:"Hello,
1192:;OneKeyInput
1183:"Hello,
1134:
1133:
1028:ociety"
787:
786:
765:
670:preprocessor
663:
582:#define b */
542:
541:
529:#define c /*
466:#define b */
385:#define a /*
378:
377:
367:#define c /*
350:grep-vtrue*/
309:#define b */
196:#define a /*
189:
188:
159:
140:
137:Construction
120:
101:
69:
55:
50:
43:file formats
26:
20:
18:
3455:Source code
3018:5 September
2992:5 September
2933:6 September
2902:6 September
2875:5 September
2830:4 September
2799:4 September
2751:6 September
2725:6 September
2699:4 September
2621:(2): 1–22.
2594:5 September
2554:"Polyglots"
2490:same origin
2224:The DOCTYPE
2189:-compatible
1814:OpenConsole
1554:OpenConsole
1503:OneKeyInput
1204:'')
863:OneKeyInput
684:redirection
66:source code
62:interpreted
3444:Categories
3394:Whitespace
3386:Unix shell
3345:PostScript
3309:Unix shell
3305:PostScript
2774:2407.01529
2674:2203.07561
2628:2012.09214
2534:References
2227:Namespaces
2049::endofperl
2028:@rem '
1985:rem ';
1962:off perl
1796:Win32Forth
1533:Win32Forth
1228:Win32Forth
1165:Including?
914:Win32Forth
884:''
827:Including?
776:PureBasicv
772:Win32Forth
740:C compiler
726:is a bash
716:if (($ x))
648:#define c
567:if (($ x))
549:#define a
162:characters
96:See also:
82:validation
3390:Brainfuck
3361:Befunge98
3313:Intel x86
2982:208318324
2645:247218744
2515:databases
2382:instead.
2110:parasites
2019:@echo off
1996:endofperl
1979:endofperl
1904:set-modes
1892:set-modes
1886:EndMacro:
1871:CopyLeft:
1811:EndMacro:
1790:PureBASIC
1754:SkipThis;
1626:EndMacro:
1611:CopyLeft:
1551:EndMacro:
1527:PureBASIC
1464:Including
1357:set-modes
1348:set-modes
1342:EndMacro:
1309:CopyLeft:
1243:EndMacro:
1222:PureBASIC
1171:SkipThis;
1070:set-modes
1049:set-modes
908:PureBASIC
778:4.x, and
757:function.
573:return 0;
555:#<?php
199:#<?php
23:computing
3431:Archived
3419:Archived
3407:Archived
3370:Archived
3329:Archived
3281:Archived
3269:Archived
3252:Archived
3240:Archived
3218:5 August
3212:Archived
3178:Archived
3152:20 April
3106:20 April
3100:Archived
3070:Archived
3066:Hackaday
3039:Archived
3012:Archived
2986:Archived
2974:31770023
2927:Archived
2896:Archived
2869:Archived
2848:Archived
2824:Archived
2745:Archived
2719:Archived
2588:Archived
2584:16516484
2522:See also
2412:Python 3
2408:Python 2
2284:xml:lang
2129:Benefits
2122:cavities
1916:EndMacro
1713:language
1689:EndMacro
1473:SkipThis
1390:language
1366:EndMacro
1258:!")
1180:Char(10)
1115:language
1091:EndMacro
1040:EndMacro
1007:CopyLeft
950:!")
932:EndMacro
833:SkipThis
732:C printf
691:<?php
679:in bash.
603:function
585:#include
484:function
391:<?php
327:function
166:comments
151:Examples
147:format.
108:polyglot
78:security
58:compiled
27:polyglot
3398:Befunge
3297:Fortran
3076:6 March
3045:6 March
2205:doctype
2116:zippers
2046:__END__
1967:%~dpnx0
1784:SNOBOL4
1739:*BUFFER
1695:Wishing
1521:SNOBOL4
1372:Wishing
1339:!"
1270:Inkey()
1216:SNOBOL4
1189:!"
1141:*BUFFER
1097:Wishing
962:Inkey()
902:SNOBOL4
693:" and "
127:malware
92:History
3341:Pascal
3293:Pascal
3208:Medium
3187:28 May
2980:
2972:
2643:
2582:
2572:
2364:script
2104:stacks
2034:#!perl
1970:"
1964:"
1907:system
1895:system
1865:Title:
1835:Repeat
1823:PrintN
1757:OUTPUT
1701:refine
1668:system
1641:system
1605:Title:
1575:Repeat
1563:PrintN
1479:OUTPUT
1419:BUFFER
1378:refine
1297:!'
1288:Title:
1261:Repeat
1174:OUTPUT
1103:refine
1073:system
1052:system
995:!'
953:Repeat
839:OUTPUT
812:Hello,
797:BUFFER
768:SNOBOL
723:printf
682:Shell
636:return
624:"
615:printf
517:return
505:"
496:printf
451:return
409:"
397:"
355:return
342:true/*
337:printf
286:return
174:ANSI C
112:Usenet
35:script
3289:COBOL
3181:(PDF)
3174:(PDF)
2978:S2CID
2769:arXiv
2669:arXiv
2641:S2CID
2623:arXiv
2580:S2CID
2477:GIFAR
2392:DICOM
2351:</
2342:</
2324:</
2318:title
2315:</
2308:title
2266:xmlns
2201:HTML5
2191:) or
2182:XHTML
2178:HTML5
2060:Types
2037:print
1913:NOP::
1901:Input
1880:Print
1859:REBOL
1853:Macro
1844:Inkey
1841:Until
1808:<3
1802:REBOL
1751:Macro
1680:input
1674:ports
1665:modes
1656:Input
1653:input
1647:ports
1638:modes
1620:Print
1599:REBOL
1593:Macro
1584:Inkey
1581:Until
1539:REBOL
1506:Input
1470:Macro
1449:world
1443:Hello
1363:NOP::
1354:Input
1336:world
1330:Print
1294:World
1282:REBOL
1276:Macro
1267:Until
1255:world
1240:<3
1234:REBOL
1186:World
1168:Macro
1088:NOP::
1085:input
1079:ports
1067:Input
1064:input
1058:ports
1034:Print
992:World
983:Title
977:REBOL
968:Macro
959:Until
947:world
920:REBOL
866:Input
830:Macro
815:world
780:REBOL
695:?>
369:main
29:is a
3396:and
3378:Perl
3359:and
3357:Perl
3353:Bash
3320:Perl
3318:and
3220:2019
3189:2015
3154:2021
3108:2021
3078:2023
3047:2023
3020:2022
2994:2022
2970:PMID
2935:2022
2904:2022
2877:2022
2832:2022
2801:2022
2753:2022
2727:2022
2701:2022
2596:2022
2570:ISBN
2483:and
2454:file
2446:%PDF
2410:and
2406:The
2396:TIFF
2390:The
2357:>
2354:html
2348:>
2345:body
2339:>
2336:body
2333:<
2330:>
2327:head
2321:>
2311:>
2305:<
2302:>
2299:head
2296:<
2293:>
2275:lang
2263:html
2260:<
2187:SGML
2180:and
2010:@rem
1976:goto
1960:echo
1937:Perl
1889:func
1781:End;
1763:Char
1707:with
1683:NOP:
1629:func
1545:<
1485:Char
1384:with
1345:func
1318:2010
1213:End;
1210:Char
1109:with
1046:func
1019:2010
926:<
893:Char
845:Char
755:main
751:main
747:main
654:main
627:true
606:main
532:main
508:true
487:main
400:\010
394:echo
329:main
283:then
202:echo
182:bash
180:and
164:for
49:. A
25:, a
3349:TeX
2962:doi
2958:214
2633:doi
2562:doi
2485:JAR
2481:GIF
2372:div
2197:DOM
2193:XML
2152:.
2083:.
1933:DOS
1745:A.A
1710:new
1659:set
1632:set
1515:End
1387:new
1147:A.A
1112:new
896:End
803:A.A
770:4,
657:#*/
535:#*/
442:$ x
421:$ x
371:#*/
269:$ x
240:$ x
178:PHP
144:zip
64:as
60:or
41:or
33:or
21:In
3446::
3392:,
3388:,
3384:,
3380:,
3355:,
3351:,
3347:,
3343:,
3339:,
3322:5)
3311:,
3307:,
3303:,
3299:,
3295:,
3291:,
3210:.
3206:.
3094:.
3068:.
3064:.
3037:.
2984:.
2976:.
2968:.
2956:.
2952:.
2925:.
2921:.
2894:.
2867:.
2822:.
2809:^
2743:.
2717:.
2653:^
2639:.
2631:.
2617:.
2604:^
2586:.
2578:.
2568:.
2556:.
2542:^
2471:A
2461:PE
2370:,
2366:,
1973:%*
1939::
1847:()
1817:()
1769:10
1722:on
1719:Go
1704:it
1698:to
1587:()
1557:()
1491:10
1461:To
1399:on
1396:Go
1381:it
1375:to
1321:by
1315:in
1300:in
1162:To
1124:on
1121:Go
1106:it
1100:to
1022:by
1016:in
998:in
851:10
824:To
818:!)
809:.(
782::
774:,
742:).
651:/*
621:\n
609:()
552:/*
502:\n
490:()
445:))
439:((
436:if
406:\n
331:()
303:fi
294://
274://
272:))
266:((
263:if
257:\
251://
221://
216:\
210://
184::
176:,
133:,
118:.
88:.
3400:)
3382:C
3363:)
3337:C
3301:C
3222:.
3191:.
3156:.
3110:.
3080:.
3049:.
3022:.
2996:.
2964::
2937:.
2906:.
2879:.
2834:.
2803:.
2777:.
2771::
2755:.
2729:.
2703:.
2677:.
2671::
2647:.
2635::
2625::
2619:4
2598:.
2564::
2517:.
2475:(
2368:p
2287:=
2278:=
2269:=
2159:)
2155:(
2090:)
2086:(
2043:;
2031:;
2013:=
1993::
1982:@
1957:@
1951:@
1877:]
1862:[
1850::
1838::
1832:)
1826:(
1820::
1805:=
1799:+
1793:+
1787:+
1772:)
1766:(
1760:=
1742::
1725:!
1716:?
1692:;
1686::
1677:/
1671:/
1662:-
1650:/
1644:/
1635:-
1617:]
1602:[
1590::
1578::
1572:)
1566:(
1560::
1548:3
1542:=
1536:+
1530:+
1524:+
1518:;
1509:(
1500:;
1494:)
1488:(
1482:=
1476:;
1467:?
1458:@
1455:)
1452:!
1446:,
1440:(
1437:.
1434:;
1431:A
1428:.
1425:A
1422::
1416:*
1402:!
1393:?
1369:;
1327:]
1303:4
1285:[
1273::
1264::
1249::
1237:=
1231:+
1225:+
1219:+
1207:;
1201:,
1198:1
1177:=
1159:@
1153:.
1150:;
1144::
1127:!
1118:?
1094:;
1082:/
1076:/
1061:/
1055:/
1043::
1031:]
1025:S
1010::
1001:4
986::
980:[
971:S
965::
956::
941::
935::
929:3
923:=
917:+
911:+
905:+
899:;
890:;
887:)
881:,
878:1
875:,
869:(
860:;
854:)
848:(
842:=
836:;
821:@
806:;
800::
794:*
714:"
645:}
642:;
639:0
633:;
612:{
526:}
523:;
520:0
514:;
493:{
457:;
454:0
430:;
427:5
424:=
412:;
388:#
364:}
361:;
358:0
352:;
348:|
344:2
334:{
300:;
296:2
292:;
289:0
280:;
276:2
260:;
253:2
249:;
246:5
243:=
237:;
235:a
233:=
230:x
227:;
223:2
219:;
212:2
208:;
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.