Featured vector

IE 11.0
<a href="/0x3033google.com" id="fuzzelement1">asdf</a> <script> if(document.getElementById('fuzzelement1').hostname=="google.com") { alert(1); } </script>

Fuzz vector cloud

5,453,920 Successful fuzzes

Fuzz Vectors

Searching for "string"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
String quotes in JS context <script>s*num* = *chr**num**chr*;if (typeof s*num* == "string" && s*num* == "*num*") logChr(*num*);</script> @blubbfiction
Characters that start JavaScript double quote strings <script> *chr*"; logChr(*num*) </script> @peksa
Characters that result in multiline strings <script> var a = "*chr* "; logChr(*num*); </script> @tifkin_
Characters allowed after string multiline separator <script> var x = "asdf\*chr* asdf"; logChr(*num*); </script> @tifkin_
String variables <script> props=props.concat(Object.getOwnPropertyNames(window)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ if(''[arguments[0]])customLog(arguments[0]); }) </script> @garethheyes
Characters eating backslash in javascript string 2 <script>if("x\*chr*".length==2) { log(*num*);}</script> @mhswende
Characters eating backslash in javascript string <script>if("x\*chr*".length==1) { log(*num*);}</script> @mhswende
Characters ignored inside javascript string v2 <script>if("x*chr*x" == "xx") { log(*num*);}</script> @mhswende
Uncode sequences generating illegitimate ASCII <script> "\ud83d\u*hex4*".match(/.*<.*/) ? log(*num*) : null; </script> @0x6D6172696F
Characters consuming backslashes and breaking JS strings <script>a='abc\*chr*\';log(*num*)//def';</script> @0x6D6172696F
Characters breaking CSS strings allowing expression "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF @0x6D6172696F
Characters ending CSS values allowing expressions "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF @0x6D6172696F