Characters unencoded characters supported in the hash
89
89
89This vector shows which unencoded characters are allowed in the hash
Created by: hackvertor
Created on: Tuesday, September 24, 2024 at 12:33:51 PM
Updated on: Tuesday, May 27, 2025 at 3:37:04 PM
Category: URL Handling
Vector visibility: Public
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const anchor = document.createElement('a');Template used:
anchor.href='//example.com';0x0D
let chr = String.fromCodePoint($[i]);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))log($[i])Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(33);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(33)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(36);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(36)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(37);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(37)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(38);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(38)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(39);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(39)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(40);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(40)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(41);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(41)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(42);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(42)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(43);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(43)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(44);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(44)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(45);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(45)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(46);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(46)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(47);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(47)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(48);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(48)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(49);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(49)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(50);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(50)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(51);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(51)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(52);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(52)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(53);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(53)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(54);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(54)Fuzz results
Chrome 129.0.0.0 desktop macOS 10.15.7
Updated
Tue Sep 24 2024
Found 89 results
Loading...
Firefox 130.0 desktop macOS 10.15
Updated
Tue Sep 24 2024
Found 89 results
Loading...
Safari 18.0 desktop macOS 10.15.7
Updated
Tue Sep 24 2024
Found 89 results
Loading...