Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

5,458,936 Successful fuzzes

Fuzz Database

Vector Created By
Comma analog in script src data @i_bo0om
slash bla htest @insertScript
Characters that eat JavaScript regex escapes @tifkin_
XSS Without Space Test 1 @irsdl
Single characters that break attribute names @garethheyes
Characters that expands the URL length (host no xn) @avlidienbrunn
Characters that expands the URL length (host) @avlidienbrunn
Valid characters before domain 1 @avlidienbrunn
kkkkkkkkk @D_Szameitat
wunder @palindrom
Characters that break out of css urls latest @garethheyes
Characters that end script tags @JohnathanKuskos
Characters allowed before tagname in IE v2 @albinowax
JavaScript characters that swallow the next character @tifkin_
Characters allowed at the start of a namespace @agasfasgasdasds
test3_kinmen @kinmenhacker
Crazy MSIE v3 @Giutro
String quotes in JS context @blubbfiction
before_img @han7er
o replacement in event handlers @blubbfiction
Characters that close tags @blubbfiction
Valid characters between attribute and value instead of @blubbfiction
Replacement characters for between attribute and value @blubbfiction
Characters that close a HTML comment 4 @irsdl
Characters that separate JavaScript object key and value @peksa
JavaScript operators that separate objects and scopes @peksa
JavaScript operators that evaluate argument in variable assignment @peksa
Characters allowed between event handlers and equal sign @peksa
HTML input image tag attributes that run JavaScript @peksa
Characters that start JavaScript double quote strings @peksa
Characters that escape JavaScript single line comments @peksa
Ignored characters in javascript protocol uris @peksa
Characters that escape html input tag @peksa
replacement @matttiko
Characters that close a HTML comment 0021 @matttiko
script var separator @i_bo0om
svg animate onbegin @JohnathanKuskos
Characters that separate JavaScript assignment statements @Giutro
Characters that allow a new statement to begin2 @tifkin_
Characters that allow a new statement to begin @tifkin_
testquote @matttiko
testabc @matttiko
Characters that can be used to terminate entities in an href @tifkin_
Characters that can be used close tags2 @tifkin_
Characters allowed between and in HTML entities in style attribute @tifkin_
fssadf dfads fdasf @phpdevops
img tag overflow @kinmenhacker
Connect back @kinmenhacker
Test iOS html5 @kinmenhacker
Separators @JohnathanKuskos
digits @garethheyes
new lines @garethheyes
spaces @garethheyes
characters that behave like equal signs in attribute value @JohnathanKuskos
Characters that dont inhibit eventhandlers @tifkin_
im fish @Mramydnei
wwwemogiccom @vpelss
Characters that make a double quote valid @tifkin_
Characters allowed after domain @avlidienbrunn
Characters allowed before http @avlidienbrunn
Characters that will be mutated to a correct URI 4 @avlidienbrunn
Characters that will be mutated to a correct URI 3 @avlidienbrunn
Characters allowed to hex encodings of javascript variables @tifkin_
Characters allowed to hex encode javascript @tifkin_
Characters allowed in between dashes to end html comments @JohnathanKuskos
Characters allowed between JS function names and parentheses @tifkin_
Characters allowed before script tag name @tifkin_
chars allowed between js comment @insertScript
allowed char in js comment @insertScript
Characters that result in multiline strings @tifkin_
Charactes that complete single quote @tifkin_
Characters allowed between property accessor and property @tifkin_
Characters that escape escapes @JohnathanKuskos
Characters that break out of quoted attributes2 @tifkin_
Characters allowed between 2 consecutive functions @tifkin_
Characters allowed before single functions in event handlers @tifkin_
Characters that can set event handlers3 @tifkin_
characters which turn into a comment @insertScript
Characters that break attribute names @albinowax
Characters allowed after string multiline separator @tifkin_
Characters allowed between attributes @tifkin_
Characters not encoded with encodeURIComponent @garethheyes
Characters not encoded with encodeURI @garethheyes
lt eating char v2 @insertScript
lt eating char @insertScript
Characters after javascript uri @insertScript
characters allowd in html entities @insertScript
Characters before javascript uri @insertScript
SVG script @garethheyes
Entities allowed with no semi colon @garethheyes
HTML Entity in between and @MisterJyu
JS Property check middle character @garethheyes
Characters allowed before slashes no protocol @garethheyes
Characters allowed inside slashes no protocol @garethheyes
Characters allowed instead of slash 2 @garethheyes
Characters allowed instead of slash @garethheyes
Characters allowed after slash @garethheyes
Characters allowed inside http @garethheyes
Characters allowed within an attribute name (on()load) @skeptic_fx
Characters transformed in expando attributes @garethheyes
Expandos attributes characters removed @garethheyes
Valid chars before img word in img tag @ontrif
Equals equivalent signs in attributes @WisecWisec
is my browser leaking location @garethheyes
Characters between time and URL in meta redirects @avlidienbrunn
Characters allowed inside jsurl @avlidienbrunn
justatest2 @evilcos
Characters allowed instead of forward slash in url @garethheyes
Characters allowed instead of colon in js url @garethheyes
Cookie fuzzing @garethheyes
Tags that have the onload event @garethheyes
Characters allowed as vbscript variables @garethheyes
Replacement for s in script tag @blubbfiction
Replacement for lt in tag @blubbfiction
Characters inside script tag name @blubbfiction
Characters between lt and tag name @blubbfiction
aaaaa @goroasd
Entities allowed instead of colon for js protocol @peksa
Entities allowed after js protocol @garethheyes
Entities allowed before js protocol @garethheyes
Entities allowed inside js protocol @garethheyes
Entities allowed before CSS rule @garethheyes
Break out of HTML element from single quoted attribute @peksa
Escaped characters that break out of single quote HTML attribute @peksa
Characters that escape single quoted HTML attributes @peksa
Characters syntactically equivalent to double quote in HTML attributes @p_laguna
Eating backslash @garethheyes
Character allowed after the slash for end script tag @MisterJyu
Character allowed before the slash for end script tag @MisterJyu
Characters that break out of script variables @garethheyes
Char that allows you to act as a slash in closing tag 2 @notxssninja
Characters that close a HTML comment 3 @DOMXss
Characters that are spaces @garethheyes
Characters that are new lines @garethheyes
Attribute separators @garethheyes
Characters separating attributes without quotes after hash @garethheyes
Characters separating attributes without quotes @garethheyes
Determine what character can be at the end of the javascript but before the colon @MisterJyu
incorrect innerHTML serialization @garethheyes
Characters allowed as slash in url @garethheyes
Characters allowed as gt in url @garethheyes
Characters allowed as lt in url @garethheyes
Characters allowed as _ in url @garethheyes
Characters allowed as s in url @garethheyes
Characters allowed as h in http @garethheyes
Characters allowed after colon in url (no slashes) @garethheyes
Characters allowed after slash in url @garethheyes
Characters allowed after colon in url @garethheyes
Characters allowed between slashes @garethheyes
Characters to end script tag via JavaScript regex 002 @0x6D6172696F
Characters to end script tag via JavaScript regex 001 @0x6D6172696F
Characters allowed after asterix in CSS comments @garethheyes
Iframe contentDocument properties @garethheyes
Iframe contentWindow properties @garethheyes
Document body variables @garethheyes
Document variables @garethheyes
Function variables @garethheyes
Object variables @garethheyes
Number variables @garethheyes
String variables @garethheyes
Regexp variables @garethheyes
Array variables @garethheyes
Window variables @garethheyes
Alternatives to in attributes @albinowax
Characters between rgb @garethheyes
Characters before rgb @garethheyes
Characters allowed before paren @garethheyes
Characters allowed after paren rule @garethheyes
Valid characters after expression 2 @garethheyes
Valid characters after expression @garethheyes
Opening paren expression check @garethheyes
Characters that trigger a new attr after new line @garethheyes
Characters eating backslash in javascript string 2 @mhswende
Characters eating backslash in javascript string @mhswende
Quoteless attributes breaker @garethheyes
Characters ignored inside javascript string v2 @mhswende
Characters ignored in html event handler name @mhswende
Replacement for greater than sign @mhswende
Characters allowed between tag and attribute @0xAli
Characters which break attributes without quotes @shafigullin
Characters that close a quote @0xAli
Uncode sequences generating illegitimate ASCII @0x6D6172696F
Characters allowed after ampersand in named character references @_cweb
Characters ending HTML closing tags (HTML4) @0x6D6172696F
Characters consuming backslashes and breaking JS strings @0x6D6172696F
Events in tags with src or href that execute javascript @garethheyes
Tags and events that execute javascript 2 @garethheyes
Tags and events that execute javascript @garethheyes
Tags that execute onerror @garethheyes
Does this browser support e4x @garethheyes
Characters to separate class names in class attributes @0x6D6172696F
Characters allowed after uri host @jackmasa
Characters that close a HTML comment 002 @0x6D6172696F
Characters that close HTML tags @0x6D6172696F
Characters not encoded by encodeURIComponent @shafigullin
Characters not encoded by encodeURI @shafigullin
Characters allowed after script @garethheyes
Single character breaking innerHTML copy @thewildcat
Characters allowed attribute quote @jackmasa
Characters syntactically equivalent to single quote in HTML attributes @_cweb
Characters syntactically equivalent to colon in a URI @_cweb
Characters breaking innerHTML copy @thewildcat
Characters escaping JS comment delimiters 001 @0x6D6172696F
Characters breaking CSS strings allowing expression @0x6D6172696F
Characters ending CSS values allowing expressions @0x6D6172696F
Characters breaking JavaScript Regex delimiter @0x6D6172696F
Escape from attribute a closing tag @shafigullin
Characters in script inside XML elements 004 @0x6D6172696F
Characters in script inside XML elements 003 @0x6D6172696F
Characters in script inside XML elements 001 @0x6D6172696F
Space characters in RegExp @shafigullin
Character between lt and slash in closing tag @shafigullin
Characters allowed between CSS expression chars 02 @0x6D6172696F
Characters allowed between CSS expression chars 01 @0x6D6172696F
Characters allowed between CSS colon and expression @0x6D6172696F
Characters allowed between CSS prop and expression @0x6D6172696F
Characters allowed for padding in a data URI 003 @0x6D6172696F
Characters allowed for padding in a data URI 002 @0x6D6172696F
Characters allowed for padding in a data URI 001 @0x6D6172696F
Characters trimmed my trim @shafigullin
Characters before paren in Javascript call @garethheyes
Characters before img @garethheyes
Characters before script @garethheyes
Characters in between protocol in js url @garethheyes
Characters allowed after attribute name @garethheyes
Characters that close JS Comments @garethheyes
Characters allowed before protocol in js url @garethheyes
Characters allowed before colon in js url @garethheyes
NULL Characters inside JavaScript properties @garethheyes
Characters allowed before CSS properties @garethheyes
Characters allowed before a JavaScript function @garethheyes
Characters that close a HTML comment @garethheyes
Characters allowed before attribute name @garethheyes