Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/xsscx/Commodity-Injection-Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
burp burpsuite exploit fuzzing header html http injection injection-signatures input javascript malicious poc random rce xss
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/xsscx/Commodity-Injection-Signatures
- Owner: xsscx
- License: gpl-3.0
- Created: 2015-02-01T02:06:13.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-05-01T22:21:58.000Z (2 months ago)
- Last Synced: 2024-05-02T15:29:02.917Z (2 months ago)
- Topics: burp, burpsuite, exploit, fuzzing, header, html, http, injection, injection-signatures, input, javascript, malicious, poc, random, rce, xss
- Language: HTML
- Homepage:
- Size: 5.22 MB
- Stars: 379
- Watchers: 14
- Forks: 123
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Lists
- awesome-hacking-lists - xsscx/Commodity-Injection-Signatures - Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT (HTML)
README
# XSS.Cx Public Repo
## Last Update: 8 NOV 2023
- Added CVE-2022-26730 ICC Color Profile Sample PoCs
- Added CVE Color Profile samples known to Crash many OS
- https://srd.cx/cve-2022-26730/
- https://srd.cx/cve-2023-32443/
- Added PoCs from my CVEs in DemoIccMAX Reference Implementation [https://github.com/InternationalColorConsortium/DemoIccMAX]
- Functionality in Skia, WebKit, Windows, etc.
- The color() function and custom color profiles are part of the CSS Colors Module Level 4, which is still a draft and not widely supported.
## About
- Commodity Injection Signatures
- Scraped Fresh from the Internet since 2015
- My PoCs from CVEs & Crashes
## Suggested Use
- Include with Burp Intruder or Custom Scripts
- Manual Injection Testing with Well-Known Signatures
- Automated Fuzzing with a Wide Range of Malicious Inputs
- Abusing XNU, Windows or Linux
### Recent Additions
- Regex files to aid with Apple Security Research Device log analysis
- RBL focused on AD CDNs
- RBL focused on App Titles
- XNU Crash Helpers for Apple Security Research Device circa 2023
### Pull Requests Welcome
__Happy Hunting!!__