Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,405,930 Successful fuzzes

Fuzz Vectors

Searching for "entity"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
Entities allowed with no semi colon	htmlStr = '<div title="'+dataentities.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(dataentities); } }catch(e){};	@garethheyes
HTML Entity in between and	<img src=xx:xx onerror="&chr#X61;lert(num);logChr(num)">	@MisterJyu
Entities allowed instead of colon for js protocol	htmlStr = '<a href="javascript'+dataentities+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@peksa
Entities allowed after js protocol	htmlStr = '<a href="javascript'+dataentities+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entities allowed before js protocol	htmlStr = '<a href="'+dataentities+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entity character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="&#xhex6;style=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat

Top fuzzers
insertScript (722)
garethheyes (256)
0x6D6172696F (51)
i_bo0om (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
Lamp_AE (22)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
irsdl (18)
ahpaleus (18)

New users
Yang_Luchan
0xRadi
h0nde
HansMoeller82
AbdulConsole
bugbounduk
IvanBiagi1
dlinklalala
igc_iv
FIabber
T_Nisipeanu
Lamp_AE
HackingBrowser
y3gou666
jeem36800855
KagamigawaAlter
AugustoMunue
tunaninhesabi
s0md3v
DrStache_

Popular recent vectors
test23

Latest vectors
test23
Tags with JS capable Events
Tags with Onerror
Characters that can go on either side of in attribute
Valid HTML Attribute Seperators
Unicode characters that normalize to a dot in URLs
test2
test_browser_backdoor
Just testing man
testxx

© 2020 Copyright Gareth Heyes