Injection in src attribute PORT, characters that change hostname
1
1
1Injection in src attribute PORT, characters that change hostname
Created by: reindaelman
Created on: Sunday, June 15, 2025 at 6:15:55 PM
Updated on: Sunday, June 15, 2025 at 6:16:39 PM
Category: URL Handling
Vector visibility: Public
Vector type: JS
Vector charset: UTF-8
Template used:
try{
img = document.createElement("img");
img.src=`https://example.com:1$[chr]1`;
url = new URL(img.src);
if(url.hostname != "example.com"){
log($[i]);
}
} catch{}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
try{
img = document.createElement("img");
img.src=`https://example.com:1@1`;
url = new URL(img.src);
if(url.hostname != "example.com"){
alert(64);
}
} catch{}Fuzz results
Firefox 139.0 desktop macOS 10.15
Updated
Sun Jun 15 2025
Found 1 result
Loading...
Safari 18.5 desktop macOS 10.15.7
Updated
Sun Jun 15 2025
Found 1 result
Loading...
Chrome 137.0.0.0 desktop macOS 10.15.7
Updated
Wed Jun 18 2025
Found 1 result
Loading...
Chrome 130.0.0.0 desktop Linux Unknown
Updated
Sun Jul 20 2025
Found 1 result
Loading...
Chrome 138.0.0.0 desktop Windows NT 10.0
Updated
Fri Aug 01 2025
Found 1 result
Loading...