Endure Secure Knowledge Base
Common Browser Exploits
Disclaimer: All exploits linked to or published on Endure Secure’s website, should never be used against an application, without the explicit, written, consent of someone who is authorised to approve security testing against that application. Exploits are published for educational purposes only.
Exploit Languages
Difficulty
Easy
Category
Web Apps
When carrying out security research and/or conducting authorised penetration tests against web applications, there are a series of tests you may choose to run. The table below lists out a series of helpful and simple exploits, to help with these types of security engagements:
| Name | Description | Link |
|---|---|---|
| Clickjacking Tester | A simple HTML file, which tests for clickjacking by loading a provided URL in an iFrame. | GitHub Link |
| Safari Reaper | Tests for a vulnerability in Safari which makes the application susceptible to DDOS. | GitHub Link |
| Cryptominer | If an application allows you to load untrusted JavaScript, this can be used to mine web application users’ computers for cryptocurrency, and have it sent to a Coinhive account. | GitHub Link |
| MS14-029 | Exploits the Internet Explorer MS14-029 vulnerability | MS Security Bulletin GitHub Link |
| MS15-056 | Exploits the Internet Explorer MS14-029 vulnerability | MS Security Bulletin GitHub Link |
| Spray Heap | JavaScript that performs a heap spray | GitHub Link |