xsscx / Commodity-Injection-Signatures

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

burp burpsuite exploit fuzzing header html http injection injection-signatures input javascript malicious poc random rce xss

XSS.Cx Public Repo

Last Update: 8 NOV 2023

Added CVE-2022-26730 ICC Color Profile Sample PoC's
Added CVE Color Profile samples known to Crash many OS
https://srd.cx/cve-2022-26730/
https://srd.cx/cve-2023-32443/
Added PoC's from my CVE's in DemoMaxICC Reference Implementation [https://github.com/InternationalColorConsortium/DemoIccMAX]
- Functionality in Skia, WebKit, Windows etc....
- The color() function and custom color profiles are part of the CSS Colors Module Level 4, which is still a draft and not widely supported.

About

Commodity Injection Signatures
Scraped Fresh from the Internet since 2015
My PoC's from CVE's & Crashes

Suggested Use

Include with Burp Intruder or Custom Scripts
Manual Injection Testing with Well-Known Signatures
Automated Fuzzing with a Wide-Range with Malicious Inputs
Abusing XNU, Windows or Linux

Recent Additions

regex files to aid with apple security research device log analysis
RBL focused on AD CDN's
RBL focused on App Titles
XNU Crash Helpers for Apple Security Research Device circa 2023

Pull Requests Welcome

Happy Hunting!!

About

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

burp burpsuite exploit fuzzing header html http injection injection-signatures input javascript malicious poc random rce xss

GNU General Public License v3.0

Languages

Language:HTML 99.6%Language:XSLT 0.2%Language:C 0.2%Language:PHP 0.0%