Shazzer logo

    Loose comparison, characters appended which still result in type coercion

    Chrome logo 25

    Loose comparison of string with appended character, which still end up type coerced.

    Created by: hansmach1ne

    Created on: Monday, January 6, 2025 at 2:51:50 AM

    Updated on: Tuesday, May 27, 2025 at 10:34:27 AM


    Category: Character Encoding

    Vector visibility: Public

    Vector type: JS

    Vector charset: UTF-8

    Template used:
    if('1337' + String.fromCodePoint($[i]) + String.fromCodePoint($[i]) == 1337){log($[i])}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    if('1337' + String.fromCodePoint(9) + String.fromCodePoint(9) == 1337){alert(9)}
    if('1337' + String.fromCodePoint(10) + String.fromCodePoint(10) == 1337){alert(10)}
    if('1337' + String.fromCodePoint(11) + String.fromCodePoint(11) == 1337){alert(11)}
    if('1337' + String.fromCodePoint(12) + String.fromCodePoint(12) == 1337){alert(12)}
    if('1337' + String.fromCodePoint(13) + String.fromCodePoint(13) == 1337){alert(13)}
    if('1337' + String.fromCodePoint(32) + String.fromCodePoint(32) == 1337){alert(32)}
    if('1337' + String.fromCodePoint(160) + String.fromCodePoint(160) == 1337){alert(160)}
    if('1337' + String.fromCodePoint(5760) + String.fromCodePoint(5760) == 1337){alert(5760)}
    if('1337' + String.fromCodePoint(8192) + String.fromCodePoint(8192) == 1337){alert(8192)}
    if('1337' + String.fromCodePoint(8193) + String.fromCodePoint(8193) == 1337){alert(8193)}
    if('1337' + String.fromCodePoint(8194) + String.fromCodePoint(8194) == 1337){alert(8194)}
    if('1337' + String.fromCodePoint(8195) + String.fromCodePoint(8195) == 1337){alert(8195)}
    if('1337' + String.fromCodePoint(8196) + String.fromCodePoint(8196) == 1337){alert(8196)}
    if('1337' + String.fromCodePoint(8197) + String.fromCodePoint(8197) == 1337){alert(8197)}
    if('1337' + String.fromCodePoint(8198) + String.fromCodePoint(8198) == 1337){alert(8198)}
    if('1337' + String.fromCodePoint(8199) + String.fromCodePoint(8199) == 1337){alert(8199)}
    if('1337' + String.fromCodePoint(8200) + String.fromCodePoint(8200) == 1337){alert(8200)}
    if('1337' + String.fromCodePoint(8201) + String.fromCodePoint(8201) == 1337){alert(8201)}
    if('1337' + String.fromCodePoint(8202) + String.fromCodePoint(8202) == 1337){alert(8202)}
    if('1337' + String.fromCodePoint(8232) + String.fromCodePoint(8232) == 1337){alert(8232)}

    Fuzz results

    Chrome logo
    Chrome 131.0.0.0 desktop Windows NT 10.0

    Updated

    Mon Jan 06 2025
    Found 25 results
    Loading...
    Chrome logo
    Chrome 141.0.0.0 desktop macOS 10.15.7

    Updated

    Thu Oct 30 2025
    Found 25 results
    Loading...