Common Browser Exploits

Endure Secure Knowledge Base
Table of Contents
< All Topics

Common Browser Exploits

Disclaimer: All exploits linked to or published on Endure Secure’s website, should never be used against an application, without the explicit, written, consent of someone who is authorised to approve security testing against that application. Exploits are published for educational purposes only.

Exploit Languages




Web Apps

When carrying out security research and/or conducting authorised penetration tests against web applications, there are a series of tests you may choose to run. The table below lists out a series of helpful and simple exploits, to help with these types of security engagements:

Clickjacking TesterA simple HTML file, which tests for clickjacking by loading a provided URL in an iFrame.GitHub Link
Safari ReaperTests for a vulnerability in Safari which makes the application susceptible to DDOS.GitHub Link
CryptominerIf an application allows you to load untrusted JavaScript, this can be used to mine web application users’ computers for cryptocurrency, and have it sent to a Coinhive account.GitHub Link
MS14-029Exploits the Internet Explorer MS14-029 vulnerabilityMS Security Bulletin
GitHub Link
MS15-056Exploits the Internet Explorer MS14-029 vulnerabilityMS Security Bulletin
GitHub Link
Spray HeapJavaScript that performs a heap sprayGitHub Link