Valid characters before domain 1
32
32
32Import from old 1
Created by: avlidienbrunn
Created on: Wednesday, April 10, 2024 at 8:21:32 AM
Updated on: Thursday, May 15, 2025 at 12:59:05 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<a href="https://$[chr]example.com/" id="test$[i]"></a>
Code used after fuzz:
if(document.getElementById("test$[i]").host=="example.com"){log($[i])}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="https:// example.com/" id="test9"></a>
<a href="https://
example.com/" id="test10"></a>
<a href="https://
example.com/" id="test13"></a>
<a href="https:///example.com/" id="test47"></a>
<a href="https://@example.com/" id="test64"></a>
<a href="https://\example.com/" id="test92"></a>
<a href="https://example.com/" id="test173"></a>
<a href="https://͏example.com/" id="test847"></a>
<a href="https://᠋example.com/" id="test6155"></a>
<a href="https://᠌example.com/" id="test6156"></a>
<a href="https://᠍example.com/" id="test6157"></a>
<a href="https://᠏example.com/" id="test6159"></a>
<a href="https://example.com/" id="test8203"></a>
<a href="https://example.com/" id="test8288"></a>
<a href="https://example.com/" id="test8292"></a>
<a href="https://︀example.com/" id="test65024"></a>
<a href="https://︁example.com/" id="test65025"></a>
<a href="https://︂example.com/" id="test65026"></a>
<a href="https://︃example.com/" id="test65027"></a>
<a href="https://︄example.com/" id="test65028"></a>
Fuzz results
Firefox 124.0 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...
Safari 17.4 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...
Chrome 123.0.6312.52 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...