Entities allowed before slashes which result in an external URL
This is an example of how you can use the XSS type to fuzz URLs. This one fuzzes entities before double slashes. It uses a base tag to get round the sandboxed iframe problems.
Created by: hackvertor
Created on: Thursday, January 16, 2025 at 7:20:57 PM
Updated on: Thursday, February 20, 2025 at 6:02:10 PM
Vector type: XSS
Vector charset: UTF-8
Code used before fuzz:
<script>window.onerror=x=>true;</script>
<base href="https://example.com" />
Template used:
<a href="$[data1]//example2.com" id=x></a>
Code used after fuzz:
x.protocol === 'https:' && x.host === "example2.com" && log('$[data1]')
Sample payloads
<a href="\//example2.com" id=x></a>
<a href="
//example2.com" id=x></a>
<a href="///example2.com" id=x></a>
<a href="	//example2.com" id=x></a>
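Added example, not part of the original page: the four sample payloads above resolved with the WHATWG URL parser (Node's built-in `URL`) against the page's base, next to a hypothetical prefix denylist and a parser-based same-origin check. The names `looksRelativeNaive`, `resolvesToSameOrigin`, `classify` and `report` are assumptions made for this illustration.

```javascript
// Base taken from the page's <base href>; payload prefixes taken from "Sample payloads".
const BASE = "https://example.com";
const PREFIXES = ["\\", "\n", "/", "\t"]; // backslash, newline, slash, tab

// Hypothetical denylist check often seen in redirect/link validation:
// reject protocol-relative ("//host") and absolute ("scheme:") values only.
function looksRelativeNaive(href) {
  return !href.startsWith("//") && !/^[a-z][a-z0-9+.-]*:/i.test(href);
}

// Parser-based check: resolve the value the way a browser does,
// then compare the resulting origin with the expected one.
function resolvesToSameOrigin(href, base = BASE) {
  let url;
  try {
    url = new URL(href, base);
  } catch {
    return false; // values the parser rejects are not accepted
  }
  return url.origin === new URL(base).origin;
}

// Mirrors the page's "code used after fuzz": inspect protocol and host
// after resolution, and record what each check decides.
function classify(prefix) {
  const href = prefix + "//example2.com";
  const url = new URL(href, BASE);
  return {
    href: JSON.stringify(href),      // escaped so tab/newline are visible
    protocol: url.protocol,
    host: url.host,
    naiveAccepts: looksRelativeNaive(href),
    sameOrigin: resolvesToSameOrigin(href),
  };
}

function report() {
  return PREFIXES.map(classify);
}

console.table(report());
```

Tab and newline are stripped before parsing, and for `https:` a backslash is treated as a slash, so three of the four values pass the string denylist while all four resolve to `example2.com`.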
Fuzz results
Firefox 134.0 desktop macOS 10.15
Updated
Thu Jan 16 2025
Found 4 results
Safari 18.2 mobile iOS 18.2.1
Updated
Thu Jan 16 2025
Found 4 results
Chrome 132.0.0.0 desktop macOS 10.15.7
Updated
Fri Jan 17 2025
Found 4 results
Safari 18.2 desktop macOS 10.15.7
Updated
Fri Jan 17 2025
Found 4 results