Cache deceiving...

Difference between browser-supported handlers and Shazzer 'events' list - Shazzer

Difference between browser-supported handlers and Shazzer 'events' list

⚠ Browser differences

Shazzer's 'events' list. (118 handlers currently). Opposed to handlers registered in document, document.body and window objects (138 handlers currently). The shazzer's event list is compared with all handlers.

Fuzzer

Created byhansmach1ne

Created Jan 5, 2025

Updated May 27, 2025

Detecting browser...

CategoryXSS Execution

VisibilityPublic

TypeJS

CharsetUTF-8

$[data1] placeholderevents

Code used before fuzz:

function listAllEventHandlers() {0x0D
    const allHandlers = new Set();0x0D
    const objects = [document.body, document, window];0x0D
    objects.forEach(obj => {0x0D
        for (const prop in obj) {0x0D
            if (prop.startsWith('on')) {0x0D
                allHandlers.add(prop);0x0D
            }0x0D
        }0x0D
    });0x0D
    return Array.from(allHandlers).sort();0x0D
}0x0D
allBodyHandlers = listAllEventHandlers();0x0D
0x0D
console.log("window, document and document.body contain " + allBodyHandlers .length + " handlers")0x0D
0x0D
const shazzerEvents  = new Set();

Template used:

shazzerEvents.add('$[data1]');

Code used after fuzz:

console.log("Shazzer 'events' contains " + shazzerEvents.size + " events");0x0D
0x0D
function missingHandlers() {0x0D
const out = new Set();0x0D
    for(let handler of allBodyHandlers) {0x0D
        if (!shazzerEvents.has(handler)) {0x0D
            out.add(handler);0x0D
        }0x0D
    }0x0D
return out;0x0D
}0x0D
0x0D
for(let handler of missingHandlers()){0x0D
   log(handler);0x0D
}

Sample payloads

shazzerEvents.add('onanimationcancel');

shazzerEvents.add('onbeforecopy');

shazzerEvents.add('onbeforecut');

shazzerEvents.add('onbeforepaste');

shazzerEvents.add('oncommand');

shazzerEvents.add('oncopy');

shazzerEvents.add('oncut');

shazzerEvents.add('onfreeze');

shazzerEvents.add('onfullscreenchange');

shazzerEvents.add('onfullscreenerror');

shazzerEvents.add('ongamepadconnected');

shazzerEvents.add('ongamepaddisconnected');

shazzerEvents.add('onpageswap');

shazzerEvents.add('onpaste');

shazzerEvents.add('onpointerlockchange');

shazzerEvents.add('onpointerlockerror');

shazzerEvents.add('onprerenderingchange');

shazzerEvents.add('onreadystatechange');

shazzerEvents.add('onresume');

shazzerEvents.add('onscrollsnapchange');

Distributed Fuzzing

Difference between browser-supported handlers and Shazzer 'events' list

Sample payloads

Fuzz results