Shazzer logo
Login

Characters appended at the end of TLD within URL, which yield in the same Origin

Edge logo 47
Chrome logo 47
Firefox logo 47

Characters ignored in URL, which yield in the same Origin

Created by: hansmach1ne

Created on: Sunday, January 5, 2025 at 1:47:40 AM

Updated on: Wednesday, May 28, 2025 at 11:16:44 AM


Category: URL Handling

Vector visibility: Public

Vector type: JS

Vector charset: UTF-8

Template used:
if (new URL("https://google.com$[chr]$[chr]/endpoint").origin=="https://google.com"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("https://google.com0x090x09/endpoint").origin=="https://google.com"){alert(9)}
if (new URL("https://google.com##/endpoint").origin=="https://google.com"){alert(35)}
if (new URL("https://google.com///endpoint").origin=="https://google.com"){alert(47)}
if (new URL("https://google.com??/endpoint").origin=="https://google.com"){alert(63)}
if (new URL("https://google.com\\/endpoint").origin=="https://google.com"){alert(92)}
if (new URL("https://google.com­­/endpoint").origin=="https://google.com"){alert(173)}
if (new URL("https://google.com͏͏/endpoint").origin=="https://google.com"){alert(847)}
if (new URL("https://google.comᅟᅟ/endpoint").origin=="https://google.com"){alert(4447)}
if (new URL("https://google.comᅠᅠ/endpoint").origin=="https://google.com"){alert(4448)}
if (new URL("https://google.com឴឴/endpoint").origin=="https://google.com"){alert(6068)}
if (new URL("https://google.com឵឵/endpoint").origin=="https://google.com"){alert(6069)}
if (new URL("https://google.com᠋᠋/endpoint").origin=="https://google.com"){alert(6155)}
if (new URL("https://google.com᠌᠌/endpoint").origin=="https://google.com"){alert(6156)}
if (new URL("https://google.com᠍᠍/endpoint").origin=="https://google.com"){alert(6157)}
if (new URL("https://google.com᠎᠎/endpoint").origin=="https://google.com"){alert(6158)}
if (new URL("https://google.com᠏᠏/endpoint").origin=="https://google.com"){alert(6159)}
if (new URL("https://google.com​​/endpoint").origin=="https://google.com"){alert(8203)}
if (new URL("https://google.com⁠⁠/endpoint").origin=="https://google.com"){alert(8288)}
if (new URL("https://google.com⁡⁡/endpoint").origin=="https://google.com"){alert(8289)}
if (new URL("https://google.com⁢⁢/endpoint").origin=="https://google.com"){alert(8290)}

Fuzz results

Chrome logo
Chrome 144.0.0.0 desktop Windows NT 10.0

Updated

Sun Jan 25 2026
Found 47 results
Loading...
Chrome logo
Chrome 137.0.0.0 mobile Android 10older version

Updated

Thu Jul 24 2025
Found 31 results
Loading...
Firefox logo
Firefox 146.0 desktop macOS 10.15

Updated

Sun Dec 21 2025
Found 47 results
Loading...
Edge logo
Microsoft Edge 143.0.0.0 desktop Windows NT 10.0

Updated

Mon Jan 26 2026
Found 47 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.