Valid characters before domain 1
32
32
32Import from old 1
Created by: avlidienbrunn
Created on: Wednesday, April 10, 2024 at 8:21:32 AM
Updated on: Thursday, April 10, 2025 at 2:42:36 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<a href="https://$[chr]example.com/" id="test$[i]"></a>
Code used after fuzz:
if(document.getElementById("test$[i]").host=="example.com"){log($[i])}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="https:// example.com/" id="test9"></a>
<a href="https://
example.com/" id="test10"></a>
<a href="https://
example.com/" id="test13"></a>
<a href="https:///example.com/" id="test47"></a>
<a href="https://@example.com/" id="test64"></a>
<a href="https://\example.com/" id="test92"></a>
<a href="https://example.com/" id="test173"></a>
<a href="https://͏example.com/" id="test847"></a>
<a href="https://᠋example.com/" id="test6155"></a>
<a href="https://᠌example.com/" id="test6156"></a>
<a href="https://᠍example.com/" id="test6157"></a>
<a href="https://᠏example.com/" id="test6159"></a>
<a href="https://example.com/" id="test8203"></a>
<a href="https://example.com/" id="test8288"></a>
<a href="https://example.com/" id="test8292"></a>
<a href="https://︀example.com/" id="test65024"></a>
<a href="https://︁example.com/" id="test65025"></a>
<a href="https://︂example.com/" id="test65026"></a>
<a href="https://︃example.com/" id="test65027"></a>
<a href="https://︄example.com/" id="test65028"></a>
Fuzz results
Firefox 124.0 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...
Safari 17.4 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...
Chrome 123.0.6312.52 Unknown Unknown
Updated
Sun Apr 14 2024
Found 32 results
Loading...