Awesome
XSS.Cx Public Repo
<img src="https://xss.cx/2024/05/20/img/xnu-videotoolbox-fuzzer-objective-c-code-project-example.webp" alt="XNU VideoToolbox Fuzzer OSS Project" style="height:1024px; width:1024px;"/>whoami
I am David Hoyt.
Last Update: 22 JUNE 2024
- Added CVE-2024-38427 ICC Color Profile Sample PoC's
- Added CVE-2022-26730 ICC Color Profile Sample PoC's
- Added CVE Color Profile samples known to Crash many OS
- https://srd.cx/cve-2022-26730/
- https://srd.cx/cve-2023-32443/
- Added PoC's from my CVE's in DemoMaxICC Reference Implementation [https://github.com/InternationalColorConsortium/DemoIccMAX]
- Functionality in Skia, WebKit, Windows etc....
- The color() function and custom color profiles are part of the CSS Colors Module Level 4, which is still a draft and not widely supported.
About
- Commodity Injection Signatures
- Scraped Fresh from the Internet since 2015
- My PoC's from CVE's & Crashes
Suggested Use
- Include with Burp Intruder or Custom Scripts
- Manual Injection Testing with Well-Known Signatures
- Automated Fuzzing with a Wide-Range with Malicious Inputs
- Abusing XNU, Windows or Linux
Recent Additions
- regex files to aid with apple security research device log analysis
- RBL focused on AD CDN's
- RBL focused on App Titles
- XNU Crash Helpers for Apple Security Research Device circa 2023
Pull Requests Welcome
Happy Hunting!!