Characters allowed javascript and colon copy2
4Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
Created by: avlidienbrunn
Created on: Sunday, September 29, 2024 at 3:23:28 PM
Updated on: Thursday, October 3, 2024 at 10:31:27 PM
Vector type: JS
Template used:
if (new URL("javascript"+String.fromCodePoint(parseInt($[i]..toString(16),16))+":alert()").protocol=="javascript:"){log($[i])}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
if (new URL("javascript"+String.fromCodePoint(parseInt(9..toString(16),16))+":alert()").protocol=="javascript:"){alert(9)}if (new URL("javascript"+String.fromCodePoint(parseInt(10..toString(16),16))+":alert()").protocol=="javascript:"){alert(10)}if (new URL("javascript"+String.fromCodePoint(parseInt(13..toString(16),16))+":alert()").protocol=="javascript:"){alert(13)}if (new URL("javascript"+String.fromCodePoint(parseInt(58..toString(16),16))+":alert()").protocol=="javascript:"){alert(58)}Fuzz results
Chrome 128.0.0.0 desktop Linux undefined
Updated
Sun Sep 29 2024
Found 4 results
| Dec | Hex | Chr |
|---|---|---|
| 9 | 09 | HT |
| Dec | Hex | Chr |
|---|---|---|
| 10 | 0a | LF |
| Dec | Hex | Chr |
|---|---|---|
| 13 | 0d | CR |
| Dec | Hex | Chr |
|---|---|---|
| 58 | 3a | : |