XSS.Cx Public Repo

whoami

I am David Hoyt.

• https://hoyt.net
• https://srd.cx
• https://xss.cx

Last Update: 05 APRIL 2025

• Added ICC Profile XML Crasher PoC via AFL
  • Added AFL Minimized Corpus of XML Crashers
• Added CVE-2024-38427 ICC Color Profile Sample PoC's
• Added CVE-2022-26730 ICC Color Profile Sample PoC's
• Added CVE Color Profile samples known to Crash many OS
• https://srd.cx/cve-2022-26730/
• https://srd.cx/cve-2023-32443/
• Added PoC's from my CVE's in DemoMaxICC Reference Implementation [https://github.com/InternationalColorConsortium/DemoIccMAX]
  • Functionality in Skia, WebKit, Windows etc....
  • The color() function and custom color profiles are part of the CSS Colors Module Level 4, which is still a draft and not widely supported.

About

• Commodity Injection Signatures
• Scraped Fresh from the Internet since 2015
• My PoC's from CVE's & Crashes

Suggested Use

• Include with Burp Intruder or Custom Scripts
• Manual Injection Testing with Well-Known Signatures
• Automated Fuzzing with a Wide-Range with Malicious Inputs
• Abusing XNU, Windows or Linux

Recent Additions

• regex files to aid with apple security research device log analysis
• RBL focused on AD CDN's
• RBL focused on App Titles
• XNU Crash Helpers for Apple Security Research Device circa 2023

Pull Requests Welcome

Happy Hunting!!