
Proof of concept code for client-side vulnerabilities


knassar702/html-poc

 
 


Basic HTML proof of concepts for issues such as:

  • Clickjacking
  • Insecure CORS settings
  • CSRF
  • Tabnapping
  • XSSI
  • postMessage issues

Most of these are pretty basic, but having them all in one place avoids writing the same things over and over again.

Two things that are a bit more interesting:

  • clickjacking_full.html: an advanced clickjacking script for real-world multi-click clickjacking exploitation (see the blog post ClickAnywhere: An Advanced Clickjacking Script for details).
  • csrf-multi.html: automatically sends multiple CSRF requests (for example, when brute-forcing a small value, such as an IP when performing CSRF against internal networks, or for multi-stage CSRF attacks where the order of requests doesn't matter or requests can be performed multiple times).
