Injection in src attribute PORT, characters that change hostname
Created by: reindaelman
Created on: Sunday, June 15, 2025 at 6:15:55 PM
Updated on: Sunday, June 15, 2025 at 6:16:39 PM
Category: URL Handling
Vector visibility: Public
Vector type: JS
Vector charset: UTF-8
Template used:
try {
  img = document.createElement("img");
  img.src = `https://example.com:1$[chr]1`;
  url = new URL(img.src);
  if (url.hostname != "example.com") {
    log($[i]);
  }
} catch {}

Sample payloads
try {
  img = document.createElement("img");
  // "@" (char code 64) makes "example.com:1" the userinfo part,
  // so the host is taken from the text after the "@".
  img.src = `https://example.com:1@1`;
  url = new URL(img.src);
  if (url.hostname != "example.com") {
    alert(64);
  }
} catch {}

Fuzz results
Chrome 144.0.0.0 desktop macOS 10.15.7
Updated: Sun Jan 25 2026
Found 1 result

Chrome 138.0.0.0 desktop Windows NT 10.0 (older version)
Updated: Fri Aug 01 2025
Found 1 result

Chrome 130.0.0.0 desktop Linux Unknown (older version)
Updated: Sun Jul 20 2025
Found 1 result

Firefox 147.0 desktop Windows NT 10.0
Updated: Sat Jan 31 2026
Found 1 result

Firefox 140.0 desktop Linux (older version)
Updated: Sat Jan 31 2026
Found 1 result

Firefox 139.0 desktop macOS 10.15 (older version)
Updated: Sun Jun 15 2025
Found 1 result

Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated: Mon Jan 26 2026
Found 1 result

Safari 18.5 desktop macOS 10.15.7
Updated: Sun Jun 15 2025
Found 1 result