if anything i would use EXIF data to enhance stego.

generally its the JPEG standard that allows the payload, manipulation by abusing EXIF is how you operate the exploit.

there is a 64k file segment specified for JPEG, and you can abuse it to hold any "data" you want, as well as extending to other segments, for more storage.

the raw steganography in most primative form is a comparison of two photos, one of which is pixelshifted to encode the data.

in advanced form, the pixels hold the encrypted data, but the application segments of the JPEG hold keys and or matrix values, and you need a reference image. you can move fairly large volumes of ASCII representation like this before its noticed

you basicly write a webpage that local caches the payload and keys, then abuses EXIF to build and execute an exploit on the target.