masato - braves parsing finding
16
16Trying to see what elements behave weird in brave regarding.
Created by: InsertScript
Created on: Sunday, August 3, 2025 at 8:22:31 AM
Updated on: Sunday, August 3, 2025 at 8:22:31 AM
Vector type: XSS
Vector charset: UTF-8
Vector data 1: html
Template used:
<div id="x$[data1]"><$[data1] x="test=123>&bbb"></$[data1]></div>
<script>
window["x$[data1]"].innerHTML=window["x$[data1]"].innerHTML;
if (window["x$[data1]"].firstChild.getAttribute("test") == 123)
{
log('$[data1]')
}
</script>Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<div id="xa"><a x="test=123>&bbb"></a></div>
<script>
window["xa"].innerHTML=window["xa"].innerHTML;
if (window["xa"].firstChild.getAttribute("test") == 123)
{
alert('a')
}
</script><div id="xb"><b x="test=123>&bbb"></b></div>
<script>
window["xb"].innerHTML=window["xb"].innerHTML;
if (window["xb"].firstChild.getAttribute("test") == 123)
{
alert('b')
}
</script><div id="xbr"><br x="test=123>&bbb"></br></div>
<script>
window["xbr"].innerHTML=window["xbr"].innerHTML;
if (window["xbr"].firstChild.getAttribute("test") == 123)
{
alert('br')
}
</script><div id="xbutton"><button x="test=123>&bbb"></button></div>
<script>
window["xbutton"].innerHTML=window["xbutton"].innerHTML;
if (window["xbutton"].firstChild.getAttribute("test") == 123)
{
alert('button')
}
</script><div id="xdiv"><div x="test=123>&bbb"></div></div>
<script>
window["xdiv"].innerHTML=window["xdiv"].innerHTML;
if (window["xdiv"].firstChild.getAttribute("test") == 123)
{
alert('div')
}
</script><div id="xfooter"><footer x="test=123>&bbb"></footer></div>
<script>
window["xfooter"].innerHTML=window["xfooter"].innerHTML;
if (window["xfooter"].firstChild.getAttribute("test") == 123)
{
alert('footer')
}
</script><div id="xi"><i x="test=123>&bbb"></i></div>
<script>
window["xi"].innerHTML=window["xi"].innerHTML;
if (window["xi"].firstChild.getAttribute("test") == 123)
{
alert('i')
}
</script><div id="xinput"><input x="test=123>&bbb"></input></div>
<script>
window["xinput"].innerHTML=window["xinput"].innerHTML;
if (window["xinput"].firstChild.getAttribute("test") == 123)
{
alert('input')
}
</script><div id="xlabel"><label x="test=123>&bbb"></label></div>
<script>
window["xlabel"].innerHTML=window["xlabel"].innerHTML;
if (window["xlabel"].firstChild.getAttribute("test") == 123)
{
alert('label')
}
</script><div id="xli"><li x="test=123>&bbb"></li></div>
<script>
window["xli"].innerHTML=window["xli"].innerHTML;
if (window["xli"].firstChild.getAttribute("test") == 123)
{
alert('li')
}
</script><div id="xol"><ol x="test=123>&bbb"></ol></div>
<script>
window["xol"].innerHTML=window["xol"].innerHTML;
if (window["xol"].firstChild.getAttribute("test") == 123)
{
alert('ol')
}
</script><div id="xp"><p x="test=123>&bbb"></p></div>
<script>
window["xp"].innerHTML=window["xp"].innerHTML;
if (window["xp"].firstChild.getAttribute("test") == 123)
{
alert('p')
}
</script><div id="xselect"><select x="test=123>&bbb"></select></div>
<script>
window["xselect"].innerHTML=window["xselect"].innerHTML;
if (window["xselect"].firstChild.getAttribute("test") == 123)
{
alert('select')
}
</script><div id="xspan"><span x="test=123>&bbb"></span></div>
<script>
window["xspan"].innerHTML=window["xspan"].innerHTML;
if (window["xspan"].firstChild.getAttribute("test") == 123)
{
alert('span')
}
</script><div id="xstrong"><strong x="test=123>&bbb"></strong></div>
<script>
window["xstrong"].innerHTML=window["xstrong"].innerHTML;
if (window["xstrong"].firstChild.getAttribute("test") == 123)
{
alert('strong')
}
</script><div id="xul"><ul x="test=123>&bbb"></ul></div>
<script>
window["xul"].innerHTML=window["xul"].innerHTML;
if (window["xul"].firstChild.getAttribute("test") == 123)
{
alert('ul')
}
</script>Fuzz results
Microsoft Edge 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 16 results
Loading...
Chrome 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 16 results
Loading...