1
1
1
1Injection in src attribute PORT, characters that change hostname
try{0x0D
img = document.createElement("img");0x0D
img.src=`https://example.com:1$[chr]1`;0x0D
url = new URL(img.src);0x0D
if(url.hostname != "example.com"){0x0D
log($[i]);0x0D
}0x0D
} catch{}try{0x0D
img = document.createElement("img");0x0D
img.src=`https://example.com:1@1`;0x0D
url = new URL(img.src);0x0D
if(url.hostname != "example.com"){0x0D
alert(64);0x0D
}0x0D
} catch{}