Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

5,457,343 Successful fuzzes

Fuzz Vectors

Searching for "string"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
String quotes in JS context <script>s*num* = *chr**num**chr*;if (typeof s*num* == "string" && s*num* == "*num*") logChr(*num*);</script> @blubbfiction
Characters that start JavaScript double quote strings <script> *chr*"; logChr(*num*) </script> @peksa
Characters that result in multiline strings <script> var a = "*chr* "; logChr(*num*); </script> @tifkin_
Characters allowed after string multiline separator <script> var x = "asdf\*chr* asdf"; logChr(*num*); </script> @tifkin_
String variables <script> props=props.concat(Object.getOwnPropertyNames(window)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ if(''[arguments[0]])customLog(arguments[0]); }) </script> @garethheyes
Characters eating backslash in javascript string 2 <script>if("x\*chr*".length==2) { log(*num*);}</script> @mhswende
Characters eating backslash in javascript string <script>if("x\*chr*".length==1) { log(*num*);}</script> @mhswende
Characters ignored inside javascript string v2 <script>if("x*chr*x" == "xx") { log(*num*);}</script> @mhswende
Uncode sequences generating illegitimate ASCII <script> "\ud83d\u*hex4*".match(/.*<.*/) ? log(*num*) : null; </script> @0x6D6172696F
Characters consuming backslashes and breaking JS strings <script>a='abc\*chr*\';log(*num*)//def';</script> @0x6D6172696F
Characters breaking CSS strings allowing expression "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters ending CSS values allowing expressions "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF @0x6D6172696F