- Commodity Injection Signatures
- CVE PoC's
- User Controllable Input
I am David Hoyt.
- Add https://github.com/xsscx/research for ICC Profiles
- Renamed from Commodity-Injection-Signatures to fuzz
- Added XML & ICC CVE PoC's
- Added ICC Profile XML Crasher PoC via AFL
- Added AFL Minimized Corpus of XML Crashers
- Added CVE-2024-38427 ICC Color Profile Sample PoC's
- Added CVE-2022-26730 ICC Color Profile Sample PoC's
- Added CVE Color Profile samples known to Crash many OS
- https://srd.cx/cve-2022-26730/
- https://srd.cx/cve-2023-32443/
- Added PoC's from my CVE's in DemoMaxICC Reference Implementation [https://github.com/InternationalColorConsortium/DemoIccMAX]
- Functionality in Skia, WebKit, Windows etc....
- The color() function and custom color profiles are part of the CSS Colors Module Level 4, which is still a draft and not widely supported.
- Commodity Injection Signatures
- Scraped Fresh from the Internet since 2015
- My PoC's from CVE's & Crashes
- Include with Burp Intruder or Custom Scripts
- Manual Injection Testing with Well-Known Signatures
- Automated Fuzzing with a Wide-Range with Malicious Inputs
- Abusing XNU, Windows or Linux
- regex files to aid with apple security research device log analysis
- RBL focused on AD CDN's
- RBL focused on App Titles
- XNU Crash Helpers for Apple Security Research Device circa 2023
Happy Hunting!!