All categories
Browser Quirks
CSS Parsing
Character Encoding
DOM Behavior
Entity Parsing
HTML Parsing
JavaScript Syntax
Regular Expressions
URL Handling
XML Parsing
XSS Execution
Login
Home
Vectors
All vectors
Categories
Browser diffs
RSS
Network
Tools
Cheat sheet
Unicode table
Dynamic template
Blog
Blog home
RSS
Help
Home
Vectors
All vectors
Categories
Browser diffs
RSS
Network
Tools
Cheat sheet
Unicode table
Dynamic template
Blog
Blog home
RSS
Help
Mutating...
disconnected
Distributed Fuzzing
Enabled:
Status:
disconnected
Your browser automatically contributes to distributed fuzzing when idle.
All Vectors
Vector name
User
Created
Type
Likes
⚠ Browser differences
2.1k
1
2.1k
Chars in href that will not default to full URL
joaxcar
11/16/2024
XSS
0
5
5
5
5
Characters allowed in path traversal
joaxcar
8/26/2024
JS
0
1
1
1
CSS inline property definition
hipotermia
3/12/2025
HTML
0
3
3
3
Characters that can be inside the javascript protocol
hipotermia
1/22/2025
XSS
0
6
6
6
Allowed characters right after tag name & before tag closure, no other characters in between
hansmach1ne
1/9/2025
XSS
0
25
25
25
Loose comparison, characters appended which still result in type coercion
hansmach1ne
1/6/2025
JS
1
1
1
1
Difference between browser-supported handlers and Shazzer 'all_browser_events' list
hansmach1ne
1/5/2025
JS
0
⚠ Browser differences
28
16
23
Difference between browser-supported handlers and Shazzer 'events' list
hansmach1ne
1/5/2025
JS
0
47
47
47
Characters appended at the end of TLD within URL, which yield in the same Origin
hansmach1ne
1/5/2025
JS
2
1
1
1
1
Characters allowed in-between hyphens
hackvertor
4/14/2024
XSS
1
⚠ Browser differences
8
9
8
9
Tags that stop style
hackvertor
4/9/2024
HTML
0
25
25
25
25
Characters allowed in-between operators
hackvertor
4/14/2024
JS
2
13
13
13
13
Characters that act like new line or single line comment
hackvertor
4/13/2024
JS
0
4
4
4
4
Characters that act as new lines in multi line strings
hackvertor
6/20/2024
JS
1
1
1
1
1
Characters ignored after backslash with multiline string
hackvertor
6/18/2024
JS
0
6
6
6
Characters allowed before onerror events
hackvertor
3/30/2024
XSS
0
13
13
13
13
Properties are accessible in a sandboxed iframe
hackvertor
6/7/2024
JS
0
1
1
1
1
Properties that leak the parent URL even when sandboxed
hackvertor
6/6/2024
JS
0
31
31
31
31
Characters allowed after greater than in events
hackvertor
6/21/2024
XSS
0
1
1
1
1
Properties that are accessible on location
hackvertor
6/7/2024
JS
0
Found
245
records
Page 3 of 13
«
1
2
3
4
5
6
7
8
9
10
»
