exploit_server

Exploit server

Purpose

This server exists mainly to test and demo XSS vulnerabilities, specifically postMessage vulnerabilities.

This site is not dangerous; it exists for research purposes. There is no backend code: it is a static file server.

Source repo:

https://github.com/jeremy-neale/exploit_server

Domain:

stat-pad.com

Demos

Basic demo:

https://stat-pad.com/postmessage-demo.html

Bad origin check 1 (.includes, safe):

https://stat-pad.com/bad_origin_checks/includes.html

Bad origin check 2 (host spoofing, vulnerable):

https://jeremy-neale.github.io.stat-pad.com/bad_origin_checks/includes.html
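The two "bad origin check" demos above hinge on the difference between a substring test and an exact origin comparison: a receiver that tests `event.origin` with `.includes()` accepts any origin that merely contains the trusted host name, which is why the spoofed host in demo 2 gets through. The following is an added example, not code from the exploit_server repo or its demo pages. It puts an `.includes()`-style receiver check beside an exact allowlist check and runs both over constructed sample origins, including the spoofed host from demo 2. The trusted origin `https://jeremy-neale.github.io` is taken from the URLs on this page; the exact form of the demo's own check, and the helper names `weakOriginCheck`, `strictOriginCheck`, `makeMessageHandler` and `compareChecks`, are assumptions.

```javascript
// Added example (not code from the exploit_server repo): a substring-based
// postMessage origin check beside an exact allowlist check, run over
// constructed sample events. The trusted origin comes from the demo URLs on
// this page; the shape of the demo's own .includes() check is an assumption.

const TRUSTED_ORIGINS = new Set([
  "https://jeremy-neale.github.io", // origin of the demo "vulnerable server"
]);

// Weak check (the pattern the "bad origin check" demos exercise): a substring
// match accepts any origin that merely *contains* the trusted host name, so a
// host such as jeremy-neale.github.io.stat-pad.com also passes.
function weakOriginCheck(origin) {
  return origin.includes("jeremy-neale.github.io");
}

// Strict check: parse the origin and compare scheme + host + port exactly
// against the allowlist. Malformed or opaque ("null") origins are rejected,
// and so is anything that is not already in canonical origin form.
function strictOriginCheck(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false;
  }
  return url.origin === origin && TRUSTED_ORIGINS.has(url.origin);
}

// Build a message handler that acts only on messages from an accepted origin
// and only on a known message shape. `sink` stands in for whatever the page
// does with the data; a real page would write it as text (textContent), not
// as HTML. The handler returns a result object so the decision is testable.
function makeMessageHandler(originCheck, sink) {
  return function onMessage(event) {
    if (!originCheck(event.origin)) {
      return { accepted: false, reason: "untrusted origin: " + event.origin };
    }
    const data = event.data;
    if (typeof data !== "object" || data === null || typeof data.text !== "string") {
      return { accepted: false, reason: "unexpected message shape" };
    }
    sink(data.text);
    return { accepted: true, reason: "ok" };
  };
}

// Constructed sample events standing in for MessageEvent objects. The second
// one uses the spoofed host from demo 2 on this page.
const SAMPLE_EVENTS = [
  { origin: "https://jeremy-neale.github.io", data: { text: "hello" } },
  { origin: "https://jeremy-neale.github.io.stat-pad.com", data: { text: "spoofed host" } },
  { origin: "https://stat-pad.com", data: { text: "other site" } },
  { origin: "null", data: { text: "sandboxed/opaque" } },
];

// Run every sample through both handlers and report which texts each
// handler let through to its sink.
function compareChecks(events = SAMPLE_EVENTS) {
  const seenWeak = [];
  const seenStrict = [];
  const weak = makeMessageHandler(weakOriginCheck, (t) => seenWeak.push(t));
  const strict = makeMessageHandler(strictOriginCheck, (t) => seenStrict.push(t));
  for (const ev of events) {
    weak(ev);
    strict(ev);
  }
  return { weak: seenWeak, strict: seenStrict };
}

if (typeof require !== "undefined" && require.main === module) {
  // The weak handler accepts "hello" and "spoofed host"; the strict one only "hello".
  console.log(compareChecks());
}
```

In a real page the strict handler would be registered with `window.addEventListener("message", makeMessageHandler(strictOriginCheck, sink))`; the point of the comparison is that `strictOriginCheck` rejects the spoofed host, the unrelated site and the opaque `null` origin, while the substring check lets the spoofed host through.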

Demo public vulnerable test server that this server "exploits":

https://jeremy-neale.github.io/public_vulnerable_exploit_server/