Characters that can be inserted in the middle of the JS protocol name
/
Created by: cold-try
Created on: Monday, April 15, 2024 at 1:45:27 AM
Updated on: Wednesday, July 3, 2024 at 4:08:05 PM
Vector type: XSS
Template used:
<a id="0" href="j$[chr]avas$[chr]crip$[chr]t:window">craft-me</a>
Code used after fuzz:
if (document.getElementById("0").protocol === "javascript:") { log($[i]) }Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a id="0" href="j avas crip t:window">craft-me</a>
<a id="0" href="j
avas
crip
t:window">craft-me</a>
<a id="0" href="j
avas
crip
t:window">craft-me</a>
Fuzz results
Chrome 123.0.0.0 Unknown Unknown
Found 3 results
| Dec | Hex | Chr |
|---|---|---|
| 9 | 09 | HT |
| Dec | Hex | Chr |
|---|---|---|
| 10 | 0a | LF |
| Dec | Hex | Chr |
|---|---|---|
| 13 | 0d | CR |
Firefox 124.0 Unknown Unknown
Found 3 results
| Dec | Hex | Chr |
|---|---|---|
| 9 | 09 | HT |
| Dec | Hex | Chr |
|---|---|---|
| 10 | 0a | LF |
| Dec | Hex | Chr |
|---|---|---|
| 13 | 0d | CR |
Safari 15.5 Unknown Unknown
Found 3 results
| Dec | Hex | Chr |
|---|---|---|
| 9 | 09 | HT |
| Dec | Hex | Chr |
|---|---|---|
| 10 | 0a | LF |
| Dec | Hex | Chr |
|---|---|---|
| 13 | 0d | CR |