Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,384,742 Successful fuzzes

Fuzz Vectors

Searching for "entity"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
Entities allowed with no semi colon	htmlStr = '<div title="'+dataentities.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(dataentities); } }catch(e){};	@garethheyes
HTML Entity in between and	<img src=xx:xx onerror="&chr#X61;lert(num);logChr(num)">	@MisterJyu
Entities allowed instead of colon for js protocol	htmlStr = '<a href="javascript'+dataentities+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@peksa
Entities allowed after js protocol	htmlStr = '<a href="javascript'+dataentities+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entities allowed before js protocol	htmlStr = '<a href="'+dataentities+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entity character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="&#xhex6;style=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat

Top fuzzers
insertScript (592)
garethheyes (256)
0x6D6172696F (51)
i_bo0om (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
ahpaleus (18)
shafigullin (17)
hyeim8 (16)

New users
samengmg
zeroroseinc
jin83971705
zentacross001
HackerNotFound
FaizalHasanwala
mr5827948
_ttffdd_
amrul_01
Aaaa32053280
HNThrowaway
Rezk0n
s0cket7
hyeim8
kuchuxaa
highjack_
AnderXploit
bobba93648920
Nomicon3
ArushiWish

Popular recent vectors
dunno
html elements that end scripts
Characters that close strings in chrome 2
svg xss
Saf2
xss 5
Name
Safari
XSS without par
After open bracket

Latest vectors
close tag construction unicode
close tag construction
After open bracket
uxss legend
uxssnd22
test22
nnbbbbbbbff
chars allowed between js commentmm
uxlld
uxll

© 2019 Copyright Gareth Heyes