Properties that leak the parent URL even when sandboxed
This vector shows all the properties in window and document that contain a URL that leaks the parent URL even when sandboxed.
Created by: hackvertor
Created on: Thursday, June 6, 2024 at 11:25:57 AM
Updated on: Friday, July 19, 2024 at 3:45:11 AM
Vector type: JS
Code used before fuzz:
const regex = /(?:https?):\/\/shazzer[.]co[.]uk/;
Object.getOwnPropertyNames(window).forEach(prop => {
try{
regex.test(window[prop]+'')&&log('window.'+prop)
}catch{}
});
for(const prop in document){
try{
regex.test(document[prop]+'')&&log('document.'+prop);
} catch{}
}
Template used:
1337
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
1337
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 125.0.0.0 desktop macOS 10.15.7
Found 1 result
Data |
---|
document.baseURI |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.4 desktop macOS 10.15.7
Found 1 result
Data |
---|
document.baseURI |
![Firefox logo](/_next/image?url=%2Flogos%2Fbrowsers%2Ffirefox.png&w=64&q=75)
Firefox 126.0 desktop macOS 10.15
Found 1 result
Data |
---|
document.baseURI |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.5 mobile iOS 17.5.1
Found 1 result
Data |
---|
document.baseURI |