Scheme slash alternatives in URL() when a base is used

Characters that, when placed between the scheme's colon and the host, cause URL() to treat the provided URL as a relative URL when a base is used, and as an absolute URL when no base is used. Based on the writeup: https://blog.vitorfalcao.com/posts/intigriti-0525-writeup/#checks-vs-usage-a-subtle-difference

Created by: N25sec

Created on: Thursday, May 22, 2025 at 9:03:44 AM

Updated on: Wednesday, May 28, 2025 at 5:06:18 PM


Vector type: JS

Vector charset: UTF-8

Template used:
(new URL("https:" + String.fromCodePoint($[i]) + "example.com","https://shazzer.co.uk").origin === new URL("https://shazzer.co.uk").origin) && (new URL("https:" + String.fromCodePoint($[i]) + "example.com").origin === new URL("https://example.com").origin) && log($[i] + " >> " + String.fromCodePoint($[i]))

Sample payloads

(new URL("https:" + String.fromCodePoint(0) + "example.com","https://shazzer.co.uk").origin === new URL("https://shazzer.co.uk").origin) && (new URL("https:" + String.fromCodePoint(0) + "example.com").origin === new URL("https://example.com").origin) && alert(0 + " >> " + String.fromCodePoint(0))
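The behaviour the template tests for, as an added example that is not part of the original page or the linked writeup: it parses one string both ways, re-runs the template's condition over a code point range, and shows a same-origin check that validates the same parse the consumer will use. The function names and the constants BASE and TARGET are assumptions for illustration; the hostnames are the ones the template uses.

```javascript
// Added example (not from the original page). Hostnames are the template's own.
const BASE = "https://shazzer.co.uk";
const TARGET = "https://example.com";

// Return the origin of a parse, or null when the URL parser rejects the input.
function originOf(input, base) {
  try {
    return (base === undefined ? new URL(input) : new URL(input, base)).origin;
  } catch {
    return null;
  }
}

// Parse the same string with and without a base and report both origins.
function parseBothWays(input, base = BASE) {
  return { originAlone: originOf(input), originWithBase: originOf(input, base) };
}

// The page's template as a function: which code points, placed after "https:",
// resolve to the base's origin with a base and to TARGET without one?
function scanSeparators(from, to, base = BASE) {
  const hits = [];
  for (let cp = from; cp <= to; cp++) {
    const r = parseBothWays("https:" + String.fromCodePoint(cp) + "example.com", base);
    if (r.originWithBase === new URL(base).origin && r.originAlone === TARGET) hits.push(cp);
  }
  return hits;
}

// Hardened pattern: parse once, with the base the consumer will use, check that
// URL object, and pass on its serialized href instead of the raw input string.
function resolveSameOrigin(input, base = BASE) {
  let url;
  try {
    url = new URL(input, base);
  } catch {
    return null;
  }
  return url.origin === new URL(base).origin ? url.href : null;
}
```

Code that receives the returned href and parses it again, with or without a base, gets the same origin, because a serialized URL always carries `//` after the scheme.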

Fuzz results

Chrome 137.0.0.0 desktop macOS 10.15.7

Updated

Fri May 23 2025
Found 32 results
Chrome 136.0.0.0 desktop Windows NT 10.0

Updated

Mon May 26 2025
Found 32 results
Firefox 138.0 desktop macOS 10.15

Updated

Tue May 27 2025
Found 32 results
Microsoft Edge 136.0.0.0 desktop Windows NT 10.0

Updated

Wed May 28 2025
Found 32 results