masato - braves parsing finding entity test

Trying to see what entity trigger the parsing issue. Should be >

Created by: InsertScript

Created on: Sunday, August 3, 2025 at 9:49:03 AM

Updated on: Sunday, August 3, 2025 at 9:56:20 AM

Category: Entity Parsing

Vector visibility: Public

Vector type: XSS

Vector charset: UTF-8

Vector data 1: html_entities

Template used:

<div id="urlenc($[data1])"><span x="test=123$[data1]&bbb"></span></div>0x0D
<script>0x0D
window["urlenc($[data1])"].innerHTML=window["urlenc($[data1])"].innerHTML;0x0D
if (window["urlenc($[data1])"].firstChild.getAttribute("test") != null)0x0D
{0x0D
log('$[data1]')0x0D
}0x0D
</script>

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<div id="%26gt%3B"><span x="test=123&gt;&bbb"></span></div>0x0D
<script>0x0D
window["%26gt%3B"].innerHTML=window["%26gt%3B"].innerHTML;0x0D
if (window["%26gt%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('&gt;')0x0D
}0x0D
</script>

<div id="%26GT%3B"><span x="test=123&GT;&bbb"></span></div>0x0D
<script>0x0D
window["%26GT%3B"].innerHTML=window["%26GT%3B"].innerHTML;0x0D
if (window["%26GT%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('&GT;')0x0D
}0x0D
</script>

<div id="%26nvgt%3B"><span x="test=123&nvgt;&bbb"></span></div>0x0D
<script>0x0D
window["%26nvgt%3B"].innerHTML=window["%26nvgt%3B"].innerHTML;0x0D
if (window["%26nvgt%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('&nvgt;')0x0D
}0x0D
</script>

<div id="NO_MATCHES"><span x="test=123NO_MATCHES&bbb"></span></div>0x0D
<script>0x0D
window["NO_MATCHES"].innerHTML=window["NO_MATCHES"].innerHTML;0x0D
if (window["NO_MATCHES"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('NO_MATCHES')0x0D
}0x0D
</script>

masato - braves parsing finding entity test

Sample payloads

Fuzz results

Distributed Fuzzing