Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

3,336,911 Successful fuzzes

Fuzz Vectors

Searching for "string"

Your browser identified as

General Crawlers unknown

All vectors

Description	Vector	Created by
String quotes in JS context	<script>snum = chrnumchr;if (typeof snum == "string" && snum == "num") logChr(num);</script>	@blubbfiction
Characters that start JavaScript double quote strings	<script> chr"; logChr(num) </script>	@peksa
Characters that result in multiline strings	<script> var a = "chr "; logChr(num); </script>	@tifkin_
Characters allowed after string multiline separator	<script> var x = "asdf\chr asdf"; logChr(num); </script>	@tifkin_
String variables	<script> props=props.concat(Object.getOwnPropertyNames(window)); for(var i=-100;i<100;i++) { props.push(i); } props.forEach(function(){ if(''[arguments[0]])customLog(arguments[0]); }) </script>	@garethheyes
Characters eating backslash in javascript string 2	<script>if("x\chr".length==2) { log(num);}</script>	@mhswende
Characters eating backslash in javascript string	<script>if("x\chr".length==1) { log(num);}</script>	@mhswende
Characters ignored inside javascript string v2	<script>if("xchrx" == "xx") { log(num);}</script>	@mhswende
Uncode sequences generating illegitimate ASCII	<script> "\ud83d\uhex4".match(/.<./) ? log(num) : null; </script>	@0x6D6172696F
Characters consuming backslashes and breaking JS strings	<script>a='abc\chr\';log(num)//def';</script>	@0x6D6172696F
Characters breaking CSS strings allowing expression	"'`>ABC<div style="font-family:'foochr;x:expression(log(num));/*';">DEF	@0x6D6172696F
Characters ending CSS values allowing expressions	"'`>ABC<div style="font-family:'foo'chrx:expression(log(num));/*';">DEF	@0x6D6172696F

Top fuzzers
insertScript (465)
garethheyes (256)
i_bo0om (51)
0x6D6172696F (51)
JohnathanKuskos (46)
heyheyheyhey10 (43)
tifkin_ (42)
palindrom (38)
Giutro (35)
jackmasa (35)
albinowax (33)
0xAli (33)
avlidienbrunn (30)
mramydnei1 (24)
peksa (21)
skeptic_fx (19)
D_Szameitat (19)
shafigullin (17)
irsdl (16)
goergr1 (15)

New users
deepsk79
agasfasgasdasds
the_yellow_fall
dovanson91
June_Dion
daige13
fall17691353
summer_poc
ketchupandbeer
jogibharat
palindrom
fubbp
sanjayrk143
bmantra
cnet62
sharath_unni
juliokurt
L0TExp
d0znpp
pnig0s

No records found.

Popular recent vectors

Latest vectors
script param separator
data uri img src
img src starts with pound follow by fuzz char then data uri
Comma analog in script src data
slash bla htest
random test
Characters that eat JavaScript regex escapes
Characters that modify JavaScript regex character classes
test all
XSS Without Space Test 1

© 2018 Copyright Gareth Heyes