Characters not urlencoded when using the credentials part of the URL
75
75
74
This vector shows which characters are not encoded in the credentials part of the URL.
Created by: hackvertor
Created on: Tuesday, May 28, 2024 at 10:11:36 PM
Updated on: Friday, December 6, 2024 at 11:38:49 PM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const anchor = document.createElement('a');
Template used:
anchor.href='//example.com';
anchor.username = String.fromCodePoint($[i]);
if(!/%/.test(anchor+''))log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
anchor.href='//example.com';
anchor.username = String.fromCodePoint(33);
if(!/%/.test(anchor+''))alert(33)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(36);
if(!/%/.test(anchor+''))alert(36)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(38);
if(!/%/.test(anchor+''))alert(38)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(39);
if(!/%/.test(anchor+''))alert(39)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(40);
if(!/%/.test(anchor+''))alert(40)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(41);
if(!/%/.test(anchor+''))alert(41)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(42);
if(!/%/.test(anchor+''))alert(42)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(43);
if(!/%/.test(anchor+''))alert(43)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(44);
if(!/%/.test(anchor+''))alert(44)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(45);
if(!/%/.test(anchor+''))alert(45)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(46);
if(!/%/.test(anchor+''))alert(46)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(48);
if(!/%/.test(anchor+''))alert(48)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(49);
if(!/%/.test(anchor+''))alert(49)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(50);
if(!/%/.test(anchor+''))alert(50)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(51);
if(!/%/.test(anchor+''))alert(51)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(52);
if(!/%/.test(anchor+''))alert(52)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(53);
if(!/%/.test(anchor+''))alert(53)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(54);
if(!/%/.test(anchor+''))alert(54)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(55);
if(!/%/.test(anchor+''))alert(55)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(56);
if(!/%/.test(anchor+''))alert(56)
Fuzz results
Firefox 126.0 Unknown Unknown
Updated
Tue May 28 2024
Found 75 results
Loading...
Safari 17.4 Unknown Unknown
Updated
Tue May 28 2024
Found 75 results
Loading...
Chrome 125.0.0.0 Unknown Unknown
Updated
Tue May 28 2024
Found 74 results
Loading...
Safari 17.5 mobile iOS 17.5.1
Updated
Wed Jun 05 2024
Found 75 results
Loading...
Chrome 129.0.0.0 desktop macOS 10.15.7
Updated
Tue Sep 24 2024
Found 74 results
Loading...
Firefox 130.0 desktop macOS 10.15
Updated
Tue Sep 24 2024
Found 75 results
Loading...