Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,422,532 Successful fuzzes

Fuzz Vectors

Searching for "entity"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
chars allowed between a html entity	<!-- sample vector --> <img src=x onerror="&#xchr61lert(num);logChr(num);">	@S1r1u5_
Entities allowed with no semi colon	htmlStr = '<div title="'+dataentities.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(dataentities); } }catch(e){};	@garethheyes
HTML Entity in between and	<img src=xx:xx onerror="&chr#X61;lert(num);logChr(num)">	@MisterJyu
Entities allowed instead of colon for js protocol	htmlStr = '<a href="javascript'+dataentities+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@peksa
Entities allowed after js protocol	htmlStr = '<a href="javascript'+dataentities+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entities allowed before js protocol	htmlStr = '<a href="'+dataentities+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(dataentities); } }catch(e){};	@garethheyes
Entity character breaking innerHTML copy	<div id="fuzzelementnum"> <div title="&#xhex6;style=color:#FF1133" id="copyTargetnum">num - test</div> </div>	@thewildcat

Top fuzzers
insertScript (805)
garethheyes (256)
i_bo0om (51)
0x6D6172696F (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
Lamp_AE (22)
peksa (21)
D_Szameitat (19)
skeptic_fx (19)
ahpaleus (18)
irsdl (18)

New users
cj9432
G3ll02
BookPhishing
bananabr
mariofddfdfdf
pitbull98882990
Tien35552399
Jackob63289460
kurotsu90707308
ADlbjs
anguhari
usless534
OwningEsports
rapekek
S1r1u5_
Atlas_Sole88
dracutdashf
barracud4_
JamiuSunmola
Vipulvy90808568

Popular recent vectors
Allowed characters before in href
Single quote breakout

Latest vectors
Single quote breakout
Allowed characters before in href
chars allowed between a html entity
valid JS statement separators firefox
valid JS statement separators chrome
Characters in between protocol in js url (FORK) XXX
Characters between event handlers
testerdd
testfgdfgdf
test23

© 2020 Copyright Gareth Heyes