Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,341,737 Successful fuzzes

Fuzz Vectors

Searching for "string"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
String quotes in JS context	<script>snum = chrnumchr;if (typeof snum == "string" && snum == "num") logChr(num);</script>	@blubbfiction
Characters that start JavaScript double quote strings	<script> chr"; logChr(num) </script>	@peksa
Characters that result in multiline strings	<script> var a = "chr "; logChr(num); </script>	@tifkin_
Characters allowed after string multiline separator	<script> var x = "asdf\chr asdf"; logChr(num); </script>	@tifkin_
String variables	<script> props=props.concat(Object.getOwnPropertyNames(window)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ if(''[arguments[0]])customLog(arguments[0]); }) </script>	@garethheyes
Characters eating backslash in javascript string 2	<script>if("x\chr".length==2) { log(num);}</script>	@mhswende
Characters eating backslash in javascript string	<script>if("x\chr".length==1) { log(num);}</script>	@mhswende
Characters ignored inside javascript string v2	<script>if("xchrx" == "xx") { log(num);}</script>	@mhswende
Uncode sequences generating illegitimate ASCII	<script> "\ud83d\uhex4".match(/.<./) ? log(num) : null; </script>	@0x6D6172696F
Characters consuming backslashes and breaking JS strings	<script>a='abc\chr\';log(num)//def';</script>	@0x6D6172696F
Characters breaking CSS strings allowing expression	"'`>ABC<div style="font-family:'foochr;x:expression(log(num));/*';">DEF	@0x6D6172696F
Characters ending CSS values allowing expressions	"'`>ABC<div style="font-family:'foo'chrx:expression(log(num));/*';">DEF	@0x6D6172696F

Top fuzzers
insertScript (544)
garethheyes (256)
0x6D6172696F (51)
i_bo0om (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
0xAli (33)
albinowax (33)
avlidienbrunn (30)
mramydnei1 (24)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
shafigullin (17)
irsdl (16)
goergr1 (15)

New users
missoum1307
gnsehfvlr
ZanyMonk
nullfl0w
pzYlrJOefET3kRS
0xmid9
pun1sh3ll
ilanisme
BasedBlue
bot_infosec
0xrudrapratap
ArthusuxD
rajesh_sangi12
haqpl
salchoman
TShazzer
deepsk79
agasfasgasdasds
the_yellow_fall
dovanson91

Popular recent vectors
doc property hijack with iframe v3
overwrite cookies test case
eating char (please god help )
eating char

Latest vectors
eating char (please god help )
eating char
doc property hijack with iframe v3
overwrite cookies test case
form attribute support
script param separator
data uri img src
img src starts with pound follow by fuzz char then data uri
Comma analog in script src data
slash bla htest

© 2019 Copyright Gareth Heyes