Shazzer logo
Login

Characters appended at the end of TLD within URL, which yield in the same host property

Firefox logo 47
Edge logo 47
Chrome logo 47

Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine

Created by: InsertScript

Created on: Friday, January 10, 2025 at 10:24:54 AM

Updated on: Wednesday, May 28, 2025 at 5:06:20 PM


Category: URL Handling

Vector visibility: Public

Vector type: JS

Vector charset: UTF-8

Template used:
if (new URL("https://google.com$[chr]$[chr]/endpoint").host=="google.com"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("https://google.com0x090x09/endpoint").host=="google.com"){alert(9)}
if (new URL("https://google.com##/endpoint").host=="google.com"){alert(35)}
if (new URL("https://google.com///endpoint").host=="google.com"){alert(47)}
if (new URL("https://google.com??/endpoint").host=="google.com"){alert(63)}
if (new URL("https://google.com\\/endpoint").host=="google.com"){alert(92)}
if (new URL("https://google.com­­/endpoint").host=="google.com"){alert(173)}
if (new URL("https://google.com͏͏/endpoint").host=="google.com"){alert(847)}
if (new URL("https://google.comᅟᅟ/endpoint").host=="google.com"){alert(4447)}
if (new URL("https://google.comᅠᅠ/endpoint").host=="google.com"){alert(4448)}
if (new URL("https://google.com឴឴/endpoint").host=="google.com"){alert(6068)}
if (new URL("https://google.com឵឵/endpoint").host=="google.com"){alert(6069)}
if (new URL("https://google.com᠋᠋/endpoint").host=="google.com"){alert(6155)}
if (new URL("https://google.com᠌᠌/endpoint").host=="google.com"){alert(6156)}
if (new URL("https://google.com᠍᠍/endpoint").host=="google.com"){alert(6157)}
if (new URL("https://google.com᠎᠎/endpoint").host=="google.com"){alert(6158)}
if (new URL("https://google.com᠏᠏/endpoint").host=="google.com"){alert(6159)}
if (new URL("https://google.com​​/endpoint").host=="google.com"){alert(8203)}
if (new URL("https://google.com⁠⁠/endpoint").host=="google.com"){alert(8288)}
if (new URL("https://google.com⁡⁡/endpoint").host=="google.com"){alert(8289)}
if (new URL("https://google.com⁢⁢/endpoint").host=="google.com"){alert(8290)}

Fuzz results

Chrome logo
Chrome 144.0.0.0 desktop Windows NT 10.0

Updated

Sun Jan 25 2026
Found 47 results
Loading...
Chrome logo
Chrome 137.0.0.0 desktop macOS 10.15.7older version

Updated

Tue May 27 2025
Found 31 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0

Updated

Tue Jan 27 2026
Found 47 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0

Updated

Mon Jan 26 2026
Found 47 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.