Valid characters before domain 1



Import from old 1
Created by: avlidienbrunn
Created on: Wednesday, April 10, 2024 at 8:21:32 AM
Updated on: Monday, March 31, 2025 at 2:45:44 AM
Vector type: XSS
Vector charset: UTF-8
Template used:
<a href="https://$[chr]example.com/" id="test$[i]"></a>
Code used after fuzz:
if(document.getElementById("test$[i]").host=="example.com"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="https:// example.com/" id="test9"></a>
<a href="https://
example.com/" id="test10"></a>
<a href="https://
example.com/" id="test13"></a>
<a href="https:///example.com/" id="test47"></a>
<a href="https://@example.com/" id="test64"></a>
<a href="https://\example.com/" id="test92"></a>
<a href="https://example.com/" id="test173"></a>
<a href="https://͏example.com/" id="test847"></a>
<a href="https://᠋example.com/" id="test6155"></a>
<a href="https://᠌example.com/" id="test6156"></a>
<a href="https://᠍example.com/" id="test6157"></a>
<a href="https://᠏example.com/" id="test6159"></a>
<a href="https://example.com/" id="test8203"></a>
<a href="https://example.com/" id="test8288"></a>
<a href="https://example.com/" id="test8292"></a>
<a href="https://︀example.com/" id="test65024"></a>
<a href="https://︁example.com/" id="test65025"></a>
<a href="https://︂example.com/" id="test65026"></a>
<a href="https://︃example.com/" id="test65027"></a>
<a href="https://︄example.com/" id="test65028"></a>
Fuzz results

Firefox 124.0 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...

Safari 17.4 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...

Chrome 123.0.6312.52 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...