Entities that cause an external URL before @

Chrome logo 4
Firefox logo 4
Safari logo 4

This vector shows what entities cause an external URL when used before an @

Created by: hackvertor

Created on: Wednesday, September 25, 2024 at 7:57:28 AM

Updated on: Sunday, September 29, 2024 at 8:57:17 AM

Vector type: XSS

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML=`<a href="https://psres.net$[data1]@example.com" id=x>test</a>`;
Code used after fuzz:
if(x.host !== 'example.com') {
   log('$[data1]');
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML=`<a href="https://psres.net&bsol;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&num;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&quest;@example.com" id=x>test</a>`;
div.innerHTML=`<a href="https://psres.net&sol;@example.com" id=x>test</a>`;

Fuzz results

Chrome logo
Chrome 129.0.0.0 desktop macOS 10.15.7

Updated

Wed Sep 25 2024
Found 4 results
Data
&bsol;
Data
&num;
Data
&quest;
Data
&sol;
Firefox logo
Firefox 130.0 desktop macOS 10.15

Updated

Wed Sep 25 2024
Found 4 results
Data
&bsol;
Data
&num;
Data
&quest;
Data
&sol;
Safari logo
Safari 18.0 desktop macOS 10.15.7

Updated

Wed Sep 25 2024
Found 4 results
Data
&bsol;
Data
&num;
Data
&quest;
Data
&sol;
Chrome logo
Chrome 129.0.0.0 desktop Windows NT 10.0

Updated

Thu Sep 26 2024
Found 4 results
Data
&bsol;
Data
&num;
Data
&quest;
Data
&sol;