A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Image courtesy of Hackaday
.
├── CSRF
│ └── csrf_no_redirect.html
├── LICENSE
├── Open redirect
│ ├── open_redirect_referrer.html
│ └── open_redirect_sign_in_form.md
├── Other
│ ├── reverse_tabnabbing.html
│ └── subdomain_takeover.html
├── README.md
└── XSS
├── pastejacking_reflected_xss_payload.html
├── xss_hidden_input.html
└── xss_password_manager_form.html
Clone this repository to a website you use for testing purposes, publish everything, and you will be able to use all of the proof of concepts under the /proof-of-concepts/ directory (e.g. http://example.com/proof-of-concepts/pastejacking_reflected_xss_payload.html).
$ git clone https://github.com/EdOverflow/proof-of-concepts.git
This project is made for educational and ethical testing purposes only. Usage any of the proof of concepts found in this repository for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by these proof of concepts.
Do you have a fun, creative and convincing proof of concept? Please feel free to submit a pull request and we will add it to this repository.
The issue tracker is the preferred channel for bug reports and features requests.
The bug tracker utilizes several labels to help organize and identify issues.
Use the GitHub issue search — check if the issue has already been reported.
If you would like to support my work, you can use any of the addresses below:
Liberapay: https://liberapay.com/EdOverflow
Bitcoin: 1E2fZRNrrkCKPnWpKZAsJzByBoyoBURADN
Ethereum: 0xe98FC23fB4A8762d700c0354979dA5Db6c29Acc3