Merge pull request #6 from PortSwigger/4-reference-localhost-avoid-us…

…ing-in-the-protocol-portion-of-the-absolute-url Fake absolute URL without leading //
PortSwigger · Sep 5, 2024 · 468f9ec · 468f9ec
2 parents 64dc2b7 + e0a6de4
commit 468f9ec
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/fake_relative_urls.json b/src/fake_relative_urls.json
@@ -609,6 +609,15 @@
             "tags": ["URL"],
             "id": "5d2743398cd2346eb0a4008174a817498c7f685e"
         },
+        {
+            "payload": "<attacker>",
+            "description": "http:/0/<attacker>",
+            "filters": [],
+            "prefix": "http:/0/",
+            "suffix": "",
+            "tags": ["URL"],
+            "id": "c316f024b09e4fcbc1c7ff5072087354d747fd98"
+        },
         {
             "payload": "\u200b<attacker>",
             "description": "HTML entities ZeroWidthSpace, NegativeVeryThinSpace, NegativeThinSpace, NegativeMediumSpace, NegativeThickSpace (U+200B) allowed inside host",