HTML-Encoded Attribute Escape
Checks for any escaping from the img tag attribute from encoded input without using double quotes
Created by: IDKdir
Created on: Saturday, July 13, 2024 at 4:56:45 PM
Updated on: Wednesday, December 18, 2024 at 10:47:49 AM
Vector type: XSS
Vector charset: UTF-8
Template used:
<img src="/image.png" tag="html($[chr])><iframe><!--">
Code used after fuzz:
if (document.querySelector('iframe')) {
log($[chr]);
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Fuzz results
No results found.