Entities that convert to less than in a iframe srcdoc
This shows which entities convert to the less than character inside a iframe srcdoc. Inspired by: https://x.com/therceman/status/1803666353892585642
Created by: hackvertor
Created on: Thursday, August 1, 2024 at 11:25:53 AM
Updated on: Friday, August 30, 2024 at 9:09:16 PM
Vector type: XSS
Template used:
<iframe srcdoc="$[data1]" id=x></iframe>
Code used after fuzz:
if(x.srcdoc.includes("<"))log('$[data1]')
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<iframe srcdoc="<" id=x></iframe>
<iframe srcdoc="<" id=x></iframe>
<iframe srcdoc="<⃒" id=x></iframe>
Fuzz results
Chrome 127.0.0.0 desktop macOS 10.15.7
Found 3 results
Data |
---|
< |
Data |
---|
< |
Data |
---|
<⃒ |
Firefox 128.0 desktop macOS 10.15
Found 3 results
Data |
---|
< |
Data |
---|
< |
Data |
---|
<⃒ |
Safari 18.0 desktop macOS 10.15.7
Found 3 results
Data |
---|
< |
Data |
---|
< |
Data |
---|
<⃒ |