Unicode characters that get normalized into path traversal characters
12This vector performs normalization and compares to see if the characters get normalized into path traversal characters
Created by: hackvertor
Created on: Thursday, December 12, 2024 at 12:54:59 PM
Updated on: Friday, February 21, 2025 at 5:25:16 PM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const charsToCheck = ["\\","/","."];
const normalizationForms = ["NFKC", "NFC", "NFD", "NFKD"];
Template used:
$[i] > 0x7f && normalizationForms.forEach(form => {
const normalized = String.fromCodePoint($[i]).normalize(form);
for(let charToCheck of charsToCheck) {
if(charToCheck === normalized) {
log(String.fromCodePoint($[i])+"("+form+")"+"="+charToCheck);
}
}
})Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
0 > 0x7f && normalizationForms.forEach(form => {
const normalized = String.fromCodePoint(0).normalize(form);
for(let charToCheck of charsToCheck) {
if(charToCheck === normalized) {
alert(String.fromCodePoint(0)+"("+form+")"+"="+charToCheck);
}
}
})Fuzz results
Chrome 131.0.0.0 desktop macOS 10.15.7
Updated
Thu Dec 12 2024
Found 12 results
Loading...
Chrome 131.0.0.0 desktop Windows NT 10.0
Updated
Sun Jan 05 2025
Found 12 results
Loading...