Characters prepended to URL, which yield in the same host property

Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine

Created Jan 10, 2025

Updated May 27, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeJS

CharsetUTF-8

Template used:

if (new URL("https://$[chr]google.com/endpoint").host=="google.com"){log($[i])}

Sample payloads

if (new URL("https://0x09google.com/endpoint").host=="google.com"){alert(9)}

if (new URL("https:///google.com/endpoint").host=="google.com"){alert(47)}

if (new URL("https://@google.com/endpoint").host=="google.com"){alert(64)}

if (new URL("https://\google.com/endpoint").host=="google.com"){alert(92)}

if (new URL("https://google.com/endpoint").host=="google.com"){alert(173)}

if (new URL("https://͏google.com/endpoint").host=="google.com"){alert(847)}

if (new URL("https://ᅟgoogle.com/endpoint").host=="google.com"){alert(4447)}

if (new URL("https://ᅠgoogle.com/endpoint").host=="google.com"){alert(4448)}

if (new URL("https://឴google.com/endpoint").host=="google.com"){alert(6068)}

if (new URL("https://឵google.com/endpoint").host=="google.com"){alert(6069)}

if (new URL("https://᠋google.com/endpoint").host=="google.com"){alert(6155)}

if (new URL("https://᠌google.com/endpoint").host=="google.com"){alert(6156)}

if (new URL("https://᠍google.com/endpoint").host=="google.com"){alert(6157)}

if (new URL("https://᠎google.com/endpoint").host=="google.com"){alert(6158)}

if (new URL("https://᠏google.com/endpoint").host=="google.com"){alert(6159)}

if (new URL("https://google.com/endpoint").host=="google.com"){alert(8203)}

if (new URL("https://⁠google.com/endpoint").host=="google.com"){alert(8288)}

if (new URL("https://⁡google.com/endpoint").host=="google.com"){alert(8289)}

if (new URL("https://⁢google.com/endpoint").host=="google.com"){alert(8290)}

if (new URL("https://⁣google.com/endpoint").host=="google.com"){alert(8291)}