Shazzer logo

    DOM element relationships

    Chrome logo 8
    Firefox logo 8
    Safari logo 8

    The classic DOM element relationship test found in the blog post https://portswigger.net/research/dom-clobbering-strikes-back

    Created by: joaxcar

    Created on: Wednesday, April 10, 2024 at 7:46:42 AM

    Updated on: Monday, March 24, 2025 at 9:40:38 AM

    Vector type: XSS

    Vector charset: UTF-8

    Vector data 1: html

    Vector data 2: html

    Template used:
    <$[data1] id="x$[i]"><$[data2] id="y$[j]"></$[data2]></$[data1]>
    Code used after fuzz:
    document.getElementById('x$[i]') && x$[i].y$[j] && log('$[data1]->$[data2]')
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    <form->button id="x0">< id="y0"></></form->button>
    <form->fieldset id="x0">< id="y0"></></form->fieldset>
    <form->img id="x0">< id="y0"></></form->img>
    <form->input id="x0">< id="y0"></></form->input>
    <form->object id="x0">< id="y0"></></form->object>
    <form->output id="x0">< id="y0"></></form->output>
    <form->select id="x0">< id="y0"></></form->select>
    <form->textarea id="x0">< id="y0"></></form->textarea>

    Fuzz results

    Chrome logo
    Chrome 123.0.0.0 Unknown Unknown

    Updated

    Sun Apr 14 2024
    Found 8 results
    Loading...
    Firefox logo
    Firefox 124.0 Unknown Unknown

    Updated

    Mon Apr 15 2024
    Found 8 results
    Loading...
    Safari logo
    Safari 17.4 Unknown Unknown

    Updated

    Mon Apr 15 2024
    Found 8 results
    Loading...