Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,338,859 Successful fuzzes

Fuzz Vectors

Searching for "entity"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
Entities allowed with no semi colon	htmlStr = '<div title="'+dataentities.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(dataentities); } }catch(e){};	@garethheyes
HTML Entity in between and	<img src=xx:xx onerror="&chr#X61;lert(num);logChr(num)">	@MisterJyu
Entities allowed instead of colon for js protocol	htmlStr = '<a href="javascript'+dataentities+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@peksa
Entities allowed after js protocol	htmlStr = '<a href="javascript'+dataentities+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entities allowed before js protocol	htmlStr = '<a href="'+dataentities+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entity character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="&#xhex6;style=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat

Top fuzzers
insertScript (528)
garethheyes (256)
i_bo0om (51)
0x6D6172696F (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
shafigullin (17)
irsdl (16)
goergr1 (15)

New users
deepsk79
agasfasgasdasds
the_yellow_fall
dovanson91
June_Dion
daige13
fall17691353
summer_poc
ketchupandbeer
jogibharat
palindrom
fubbp
sanjayrk143
bmantra
cnet62
sharath_unni
juliokurt
L0TExp
d0znpp
pnig0s

Popular recent vectors
doc property hijack with iframe v3
overwrite cookies test case

Latest vectors
doc property hijack with iframe v3
overwrite cookies test case
form attribute support
script param separator
data uri img src
img src starts with pound follow by fuzz char then data uri
Comma analog in script src data
slash bla htest
random test
Characters that eat JavaScript regex escapes

© 2019 Copyright Gareth Heyes