Characters allowed before slashes which result in an external URL
34
34
34This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters before double slashes. It uses a base tag to get round the sandboxed iframe problems.
Created by: hackvertor
Created on: Thursday, January 16, 2025 at 7:02:19 PM
Updated on: Thursday, February 20, 2025 at 6:02:11 PM
Vector type: XSS
Vector charset: UTF-8
Code used before fuzz:
<script>window.onerror=x=>true;</script>
<base href="https://example.com" />
Template used:
<a href="$[chr]//example2.com" id=x></a>
Code used after fuzz:
x.protocol === 'https:' && x.host === "example2.com" && log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href=" //example2.com" id=x></a>
<a href="
//example2.com" id=x></a>
<a href="
//example2.com" id=x></a>
<a href="
//example2.com" id=x></a>
<a href="
//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
<a href="//example2.com" id=x></a>
Fuzz results
Firefox 134.0 desktop macOS 10.15
Updated
Thu Jan 16 2025
Found 34 results
Loading...
Safari 18.2 mobile iOS 18.2.1
Updated
Thu Jan 16 2025
Found 34 results
Loading...
Chrome 132.0.0.0 desktop macOS 10.15.7
Updated
Fri Jan 17 2025
Found 34 results
Loading...
Safari 18.2 desktop macOS 10.15.7
Updated
Fri Jan 17 2025
Found 34 results
Loading...