A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
☆50Aug 31, 2025Updated 10 months ago
Alternatives and similar repositories for dom-clobbering-collection
Users that are interested in dom-clobbering-collection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.☆97Aug 25, 2025Updated 10 months ago
- Awesome MXSS ??☆58Sep 30, 2024Updated last year
- phpfuck: using only 5 different characters to write and execute php // (^.9)☆20Nov 26, 2021Updated 4 years ago
- ☆17Jul 31, 2021Updated 4 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆58Oct 25, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆12Jan 10, 2024Updated 2 years ago
- This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) an…☆147Feb 4, 2026Updated 5 months ago
- This repository is an interactive collection of my solutions to various XSS challenges.☆13Oct 25, 2020Updated 5 years ago
- ☆35Jan 31, 2026Updated 5 months ago
- Generate DOM clobbering attack vectors for you.☆35Jun 3, 2025Updated last year
- Infrastructure for the Potluck CTF☆25Mar 11, 2024Updated 2 years ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆75Jan 21, 2024Updated 2 years ago
- ☆18Nov 28, 2021Updated 4 years ago
- ☆20Apr 27, 2026Updated 2 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Monorepo for challenges, infra, and theming for UIUCTF 2024 (https://2024.uiuc.tf/)☆17Jul 14, 2024Updated last year
- Inti easter challenge poc☆17May 4, 2021Updated 5 years ago
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆114Jun 23, 2025Updated last year
- A collection of Server-Side Prototype Pollution gadgets and exploits☆234Feb 6, 2025Updated last year
- Find all libraries on cdn.js that pollute your prototype☆19Sep 1, 2022Updated 3 years ago
- Python sandbox escape wiki + payload generator☆146Sep 18, 2024Updated last year
- API Security University & PortSwigger Academy Study Notes☆25Nov 13, 2025Updated 7 months ago
- Supertruder but better☆31Mar 10, 2023Updated 3 years ago
- ☆15May 8, 2025Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scr…☆694May 29, 2026Updated last month
- challenges 2024 woohoo☆22Sep 19, 2024Updated last year
- ☆51Aug 2, 2025Updated 11 months ago
- ☆10Jun 29, 2022Updated 4 years ago
- a repository of all the CTF challenges I've made for public events☆63Jul 30, 2025Updated 11 months ago
- Repo containing walkthroughs to possibly pwn Admin Panels and Exposed Consoles☆17Sep 20, 2024Updated last year
- ☆31May 1, 2025Updated last year
- ☆21May 25, 2025Updated last year
- Seecurity helper tool to detect entry points of WordPress plugins☆10May 16, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆11Feb 3, 2022Updated 4 years ago
- Here i will post my writeups :)☆33Dec 9, 2022Updated 3 years ago
- Making a lab and testing the CVE-2024-3116, a Remote Code Execution in pgadmin <=8.4☆12Apr 11, 2024Updated 2 years ago
- The content of the workshop Client-side web security for Bsides 2021 event, held by @m0kr4n3 and @ouxs-19 at ESI algiers.☆13Jan 8, 2022Updated 4 years ago
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆49Feb 6, 2026Updated 5 months ago
- CSS injection requires an attacker to load a standalone CSS file to leak HTML tag attributes.☆21Apr 19, 2024Updated 2 years ago
- Prototype Pollution and useful Script Gadgets☆1,636Jan 27, 2024Updated 2 years ago