Featured vector
Firefox 0.0
<script src=data:0x2calert(1)></script>
<script src=data:0x2calert(1)></script>
Fuzz vector cloud
Anchor Attributes CSS Closing Comments HTML HTML5 JavaScript Protocol Script URL XSS attribute bypass challenge char comment data encoding entities entity event events expression flash fun handler href img innerHTML navigateURL obfusc obfuscation onload prompt properties regex space src string strings style svg tag tags test uri vbscript waf xml
5,456,811 Successful fuzzes
Fuzz Vectors
Searching for "properties"
Your browser identified asGeneral Crawlers unknown
All vectors
| Description | Vector | Created by |
|---|---|---|
| Characters allowed between property accessor and property | <script> if(document.*chr*body === document.body) { logChr(*num*); } </script> | @tifkin_ |
| Iframe contentDocument properties | <iframe src="http://businessinfo.co.uk" id="iframe"></iframe> <script> window.addEventListener('load', function(){ props=props.concat(Object.getOwnPropertyNames(document)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ try{ if(document.getElementById('iframe').contentDocument[arguments[0]])customLog(arguments[0]); }catch(e){}; }) }, false); </script> | @garethheyes |
| Iframe contentWindow properties | <iframe src="http://businessinfo.co.uk" id="iframe"></iframe> <script> window.addEventListener('load', function(){ props=props.concat(Object.getOwnPropertyNames(document)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ try{ if(document.getElementById('iframe').contentWindow[arguments[0]])customLog(arguments[0]); }catch(e){}; }) }, false); </script> | @garethheyes |
| NULL Characters inside JavaScript properties | `'"><script>window['log*chr*'](*num*)</script> | @garethheyes |
| Characters allowed before CSS properties | '"`><div id="fuzzelement*num*" style="*chr*color:#000000;"></div> | @garethheyes |