Character allowed after onerror event
I want to know which characters the browser accepts between an event handler and a equal sign.
Created by: InsertScript
Created on: 4/2/2024, 9:47:31 AM
Updated on: 5/15/2024, 6:50:04 PM
Vector type: XSS
Template used:
<img src=x onerror$[chr]=log($[i])>
Your browser was detected as:
Detecting... Detecting...
Fuzz results:
Chrome 123.0.0.0
Results
Found 5
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |
Firefox 124.0
Results
Found 5
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |
Safari 17.4
Results
Found 5
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |