Entities that cause an external URL before @

This vector shows which HTML entities cause an external URL when placed before the @ in a link's href: the anchor's host is no longer example.com.

Created by: hackvertor

Created on: Wednesday, September 25, 2024 at 7:57:28 AM

Updated on: Saturday, September 28, 2024 at 4:16:35 AM

Vector type: XSS

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML=`<a href="https://psres.net$[data1]@example.com" id=x>test</a>`;
Code used after fuzz:
if(x.host !== 'example.com') {
   log('$[data1]');
}

Sample payloads

div.innerHTML=`<a href="https://psres.net&bsol;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&num;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&quest;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&sol;@example.com" id=x>test</a>`;
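
The check below is an added example, not part of the original vector. It decodes the four entities listed on this page the way an HTML attribute parser would, then parses the result with the WHATWG URL parser, so a filter can compare the host a link really resolves to against the host that appears after the @. The function names, the partial entity table and the &period; control case are assumptions made for illustration.

```javascript
// Added example (not from the original page). Runs in Node.js or a browser.
// Entities reported on this page, plus &period; as a constructed control.
const ENTITIES = { bsol: '\\', num: '#', quest: '?', sol: '/', period: '.' };

// Decode only the named entities in the table above. This is an
// illustrative subset, not a full HTML5 entity decoder.
function decodeEntities(attr) {
  return attr.replace(/&([a-z]+);/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(ENTITIES, name) ? ENTITIES[name] : match);
}

// Host a string-based validator would infer from the raw attribute:
// whatever follows the last '@', up to the next path/query/fragment delimiter.
function naiveHost(rawAttr) {
  const afterAt = rawAttr.slice(rawAttr.lastIndexOf('@') + 1);
  return afterAt.split(/[\/?#]/)[0];
}

// Host the link resolves to once entities are decoded and the URL is parsed.
function effectiveHost(rawAttr) {
  return new URL(decodeEntities(rawAttr)).host;
}

// Flag hrefs where the two views disagree, which is the condition
// the fuzz harness on this page logs (x.host !== 'example.com').
function hostMismatch(rawAttr) {
  const naive = naiveHost(rawAttr);
  const effective = effectiveHost(rawAttr);
  return { naive, effective, mismatch: naive !== effective };
}

// Constructed inputs following the page's template.
const samples = ['bsol', 'num', 'quest', 'sol', 'period']
  .map((name) => `https://psres.net&${name};@example.com`);

for (const href of samples) {
  console.log(href, JSON.stringify(hostMismatch(href)));
}
```

A filter that allow-lists link targets should compare against `effectiveHost`, never against a substring of the raw attribute value.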

Fuzz results

Chrome 129.0.0.0 desktop macOS 10.15.7
Wed Sep 25 2024
Found 4 results
Data: &bsol;, &num;, &quest;, &sol;

Firefox 130.0 desktop macOS 10.15
Wed Sep 25 2024
Found 4 results
Data: &bsol;, &num;, &quest;, &sol;

Safari 18.0 desktop macOS 10.15.7
Wed Sep 25 2024
Found 4 results
Data: &bsol;, &num;, &quest;, &sol;

Chrome 129.0.0.0 desktop Windows NT 10.0
Thu Sep 26 2024
Found 4 results
Data: &bsol;, &num;, &quest;, &sol;