Characters appended at the end of TLD within URL, which yield in the same host property

Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
Created by: InsertScript
Created on: Friday, January 10, 2025 at 10:24:54 AM
Updated on: Wednesday, May 28, 2025 at 5:06:20 PM
Vector type: JS
Vector charset: UTF-8
Template used:
if (new URL("https://google.com$[chr]$[chr]/endpoint").host=="google.com"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
if (new URL("https://google.com /endpoint").host=="google.com"){alert(9)}
if (new URL("https://google.com##/endpoint").host=="google.com"){alert(35)}
if (new URL("https://google.com///endpoint").host=="google.com"){alert(47)}
if (new URL("https://google.com??/endpoint").host=="google.com"){alert(63)}
if (new URL("https://google.com\\/endpoint").host=="google.com"){alert(92)}
if (new URL("https://google.com/endpoint").host=="google.com"){alert(173)}
if (new URL("https://google.com͏͏/endpoint").host=="google.com"){alert(847)}
if (new URL("https://google.com᠋᠋/endpoint").host=="google.com"){alert(6155)}
if (new URL("https://google.com᠌᠌/endpoint").host=="google.com"){alert(6156)}
if (new URL("https://google.com᠍᠍/endpoint").host=="google.com"){alert(6157)}
if (new URL("https://google.com᠏᠏/endpoint").host=="google.com"){alert(6159)}
if (new URL("https://google.com/endpoint").host=="google.com"){alert(8203)}
if (new URL("https://google.com/endpoint").host=="google.com"){alert(8288)}
if (new URL("https://google.com/endpoint").host=="google.com"){alert(8292)}
if (new URL("https://google.com︀︀/endpoint").host=="google.com"){alert(65024)}
if (new URL("https://google.com︁︁/endpoint").host=="google.com"){alert(65025)}
if (new URL("https://google.com︂︂/endpoint").host=="google.com"){alert(65026)}
if (new URL("https://google.com︃︃/endpoint").host=="google.com"){alert(65027)}
if (new URL("https://google.com︄︄/endpoint").host=="google.com"){alert(65028)}
if (new URL("https://google.com︅︅/endpoint").host=="google.com"){alert(65029)}
Fuzz results

Chrome 131.0.0.0 desktop Windows NT 10.0
Updated
Fri Jan 10 2025
Found 31 results
Loading...

Chrome 137.0.0.0 desktop macOS 10.15.7
Updated
Tue May 27 2025
Found 31 results
Loading...