PoC (Proof of Concept)

A PoC is a working demonstration that a vulnerability is exploitable — typically a short script or repository that triggers the bug.

Definition

A Proof of Concept (PoC) is a working artefact — usually a script, a small program, or a curl one-liner — that demonstrates a vulnerability is exploitable. PoCs serve several constituencies: defenders use them to test detection signatures, security teams use them to verify their patching, and attackers use them as the bootstrap for weaponisation.

PoC quality varies wildly. A "spray and pray" PoC is a one-liner that proves the exploit works against a specific reference build and little else. A "weaponised" exploit handles many target variants, bypasses common mitigations, and includes a payload stage. CVE Explore indexes 270,000+ public PoCs from open-source repositories (drawn from the Trickest, nomi-sec, and Metasploit corpora).

Mitigation

Not applicable.
