If you check out the demo you see all of the options available to fuzz:
Number of characters – This inserts between 1 and 10 characters in the chosen position
Character position – The string position of the characters chosen. E.g. if you choose â€œ0â€³ then the â€œjâ€ will be replaced or appended.
Replace character – Simply replaces the character rather than add characters to the position.
Url encode – Urlencodes the vector before outputting the link.
HTML hex entity encode – Instead of output the character, it uses the HTML hex entity instead.
HTML dec entity encode – Instead of output the character, it uses the HTML decimal entity instead.
Semi-colons – Adds a semi-colon if HTML entities are used.
Random zero fill – Adds a bunch of random zeros if entities are used.
Start from – Is the starting character to begin the fuzz. E.g â€œ0â€³ is null
He has also found interesting results in various browsers such as:
- <a href="jav�ascript:al�ert(1)">test</a>