Chars allowed between src and = in img tag

Shows characters that are allowed between src and = in an img tag.

Created byrootd4ddy

Created Mar 2, 2025

Updated May 28, 2025

Detecting browser...

CategoryHTML Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Code used before fuzz:

<script>0x0D
window.onerror = () => true; 0x0D
</script>0x0D

Template used:

<img src$[chr]=data:text/plain, id="testImg">

Code used after fuzz:

const img = document.getElementById('testImg');0x0D
if (img.hasAttribute('src') && img.getAttribute('src') === 'data:text/plain,') {0x0D
    log($[i]);0x0D
}

Sample payloads

<img src0x09=data:text/plain, id="testImg">

<img src
=data:text/plain, id="testImg">

<img src0x0C=data:text/plain, id="testImg">

<img src0x0D=data:text/plain, id="testImg">

<img src =data:text/plain, id="testImg">

Chars allowed between src and = in img tag

Shows characters that are allowed between src and = in an img tag.

Created byrootd4ddy

Created Mar 2, 2025

Updated May 28, 2025

Detecting browser...

CategoryHTML Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Code used before fuzz:

<script>0x0D
window.onerror = () => true; 0x0D
</script>0x0D

Template used:

<img src$[chr]=data:text/plain, id="testImg">

Code used after fuzz:

const img = document.getElementById('testImg');0x0D
if (img.hasAttribute('src') && img.getAttribute('src') === 'data:text/plain,') {0x0D
    log($[i]);0x0D
}

Sample payloads

<img src0x09=data:text/plain, id="testImg">

<img src
=data:text/plain, id="testImg">

<img src0x0C=data:text/plain, id="testImg">

<img src0x0D=data:text/plain, id="testImg">

<img src =data:text/plain, id="testImg">

Chars allowed between src and = in img tag

Sample payloads

Fuzz results

Chars allowed between src and = in img tag

Sample payloads

Fuzz results

Distributed Fuzzing

Chars allowed between src and = in img tag

Sample payloads

Fuzz results

Chars allowed between src and = in img tag

Sample payloads

Fuzz results