Entities that cause an external URL before @
4
4
4
This vector shows what entities cause an external URL when used before an @
Created by: hackvertor
Created on: Wednesday, September 25, 2024 at 7:57:28 AM
Updated on: Sunday, September 29, 2024 at 8:57:17 AM
Vector type: XSS
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML=`<a href="https://psres.net$[data1]@example.com" id=x>test</a>`;
Code used after fuzz:
if(x.host !== 'example.com') {
log('$[data1]');
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
div.innerHTML=`<a href="https://psres.net\@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net#@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net?@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net/@example.com" id=x>test</a>`;
Fuzz results
Chrome 129.0.0.0 desktop macOS 10.15.7
Updated
Wed Sep 25 2024
Found 4 results
Data |
---|
\ |
Data |
---|
# |
Data |
---|
? |
Data |
---|
/ |
Firefox 130.0 desktop macOS 10.15
Updated
Wed Sep 25 2024
Found 4 results
Data |
---|
\ |
Data |
---|
# |
Data |
---|
? |
Data |
---|
/ |
Safari 18.0 desktop macOS 10.15.7
Updated
Wed Sep 25 2024
Found 4 results
Data |
---|
\ |
Data |
---|
# |
Data |
---|
? |
Data |
---|
/ |
Chrome 129.0.0.0 desktop Windows NT 10.0
Updated
Thu Sep 26 2024
Found 4 results
Data |
---|
\ |
Data |
---|
# |
Data |
---|
? |
Data |
---|
/ |