Shazzer logo

    Characters appended at the end of TLD within URL, which yield in the same Origin

    Chrome logo 275

    Characters ignored in URL, which yield in the same Origin

    Created by: hansmach1ne

    Created on: Sunday, January 5, 2025 at 1:47:40 AM

    Updated on: Wednesday, May 28, 2025 at 11:16:44 AM


    Vector type: JS

    Vector charset: UTF-8

    Template used:
    if (new URL("https://google.com$[chr]$[chr]/endpoint").origin=="https://google.com"){log($[i])}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    if (new URL("https://google.com		/endpoint").origin=="https://google.com"){alert(9)}
    if (new URL("https://google.com##/endpoint").origin=="https://google.com"){alert(35)}
    if (new URL("https://google.com///endpoint").origin=="https://google.com"){alert(47)}
    if (new URL("https://google.com??/endpoint").origin=="https://google.com"){alert(63)}
    if (new URL("https://google.com\\/endpoint").origin=="https://google.com"){alert(92)}
    if (new URL("https://google.com­­/endpoint").origin=="https://google.com"){alert(173)}
    if (new URL("https://google.com͏͏/endpoint").origin=="https://google.com"){alert(847)}
    if (new URL("https://google.com᠋᠋/endpoint").origin=="https://google.com"){alert(6155)}
    if (new URL("https://google.com᠌᠌/endpoint").origin=="https://google.com"){alert(6156)}
    if (new URL("https://google.com᠍᠍/endpoint").origin=="https://google.com"){alert(6157)}
    if (new URL("https://google.com᠏᠏/endpoint").origin=="https://google.com"){alert(6159)}
    if (new URL("https://google.com​​/endpoint").origin=="https://google.com"){alert(8203)}
    if (new URL("https://google.com⁠⁠/endpoint").origin=="https://google.com"){alert(8288)}
    if (new URL("https://google.com⁤⁤/endpoint").origin=="https://google.com"){alert(8292)}
    if (new URL("https://google.com︀︀/endpoint").origin=="https://google.com"){alert(65024)}
    if (new URL("https://google.com︁︁/endpoint").origin=="https://google.com"){alert(65025)}
    if (new URL("https://google.com︂︂/endpoint").origin=="https://google.com"){alert(65026)}
    if (new URL("https://google.com︃︃/endpoint").origin=="https://google.com"){alert(65027)}
    if (new URL("https://google.com︄︄/endpoint").origin=="https://google.com"){alert(65028)}
    if (new URL("https://google.com︅︅/endpoint").origin=="https://google.com"){alert(65029)}

    Fuzz results

    Chrome logo
    Chrome 131.0.0.0 desktop Windows NT 10.0

    Updated

    Sun Jan 05 2025
    Found 275 results
    Loading...
    Chrome logo
    Chrome 137.0.0.0 mobile Android 10

    Updated

    Thu Jul 24 2025
    Found 31 results
    Loading...