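// Base64 alphabet used by decode64(); index 64 is the "=" padding character.
var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

/**
 * Decode a base64 string and then percent-decode the result with unescape().
 *
 * Characters outside the base64 alphabet are stripped before decoding.
 * Each decoded byte becomes one character via String.fromCharCode, so the
 * intermediate string is a byte string, not UTF-8 decoded text.
 *
 * Differences from the earlier do/while version, all on malformed input:
 *   - empty input returns "" instead of three NUL characters;
 *   - a final group with missing "=" padding is treated as padded instead of
 *     decoding the missing positions as "A" (which appended NUL characters);
 *   - a group with fewer than two data characters stops decoding instead of
 *     emitting a garbage character.
 * Well-formed, padded input decodes exactly as before.
 *
 * This is decoding only: it gives no integrity or authenticity guarantee
 * about the value it returns.
 *
 * @param {string} input base64 text
 * @returns {string} decoded and unescape()d string
 */
function decode64(input) {
  var PAD = 64; // position of "=" in keyStr
  var output = "";
  var i = 0;
  var enc1, enc2, enc3, enc4;
  var chr1, chr2, chr3;

  input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");

  // charAt() past the end yields "", and indexOf("") is 0 (the letter "A"),
  // so positions beyond the input must be mapped to padding explicitly.
  function sextetAt(pos) {
    return pos < input.length ? keyStr.indexOf(input.charAt(pos)) : PAD;
  }

  while (i < input.length) {
    enc1 = sextetAt(i++);
    enc2 = sextetAt(i++);
    enc3 = sextetAt(i++);
    enc4 = sextetAt(i++);

    // One output byte needs at least two data sextets.
    if (enc1 === PAD || enc2 === PAD) {
      break;
    }

    chr1 = (enc1 << 2) | (enc2 >> 4);
    chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
    chr3 = ((enc3 & 3) << 6) | enc4;

    output += String.fromCharCode(chr1);
    if (enc3 !== PAD) {
      output += String.fromCharCode(chr2);
    }
    if (enc4 !== PAD) {
      output += String.fromCharCode(chr3);
    }
  }

  // unescape() is kept (rather than decodeURIComponent) so %XX and %uXXXX
  // sequences decode the same way as before.
  return unescape(output);
}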

// Name of the query-string parameter that carries the decoded session value;
// it is concatenated into the request URL further down in this script.
var str1="cookiesession8341";
// NOTE(review): the next line is not JavaScript. It looks like a template
// placeholder that is presumably replaced with generated variable
// declarations before the script is served; confirm against the renderer.
// Keep the placeholder text out of comments, since a plain text substitution
// could expand it there as well.
<variable-list>

/**
 * Create an HTTP request object for the current browser.
 *
 * Uses the native XMLHttpRequest constructor when it exists. Otherwise, when
 * ActiveXObject exists, tries each legacy ProgID in order and returns the
 * first one that can be instantiated.
 *
 * @returns {Object|undefined} the request object, or undefined when neither
 *     mechanism is available or no ProgID could be instantiated
 */
function createXHR() {
  var progIds;
  var idx;
  var request;

  if (typeof XMLHttpRequest !== 'undefined') {
    request = new XMLHttpRequest();
    return request;
  }

  if (typeof ActiveXObject === 'undefined') {
    return;
  }

  progIds = ["Msxml2.XMLHttp", "Msxml2.XMLHttp.3.0", "Microsoft.XMLHTTP"];
  idx = 0;
  while (idx < progIds.length) {
    try {
      request = new ActiveXObject(progIds[idx]);
      return request;
    } catch (ignored) {
      // This ProgID is not registered on the machine; try the next one.
    }
    idx++;
  }
}

/**
 * readystatechange callback for the script-level `xhr` object.
 *
 * Does nothing until the request is complete (readyState 4) with HTTP status
 * 200. It then replaces the current document with the response body. The body
 * is written verbatim, so it is treated as trusted HTML. Any other status
 * leaves the page untouched.
 *
 * @param {Object} e event object (unused)
 */
function XHRhandler(e) {
  var finished = xhr.readyState == 4;
  if (!finished) {
    return;
  }
  if (xhr.status != 200) {
    return;
  }

  document.open();
  document.write(xhr.responseText);
  document.close();
}

// Script entry point: create a request object and, if one is available, send
// the session value back to the server. XHRhandler replaces the page with the
// response once it arrives.
// NOTE(review): if createXHR() returns nothing, the script does nothing and
// shows no fallback; confirm that is the intended behaviour.
var xhr=createXHR();
// The quoted URL value below, the angle-bracket token passed to decode64()
// and the quoted payload value are presumably template placeholders filled in
// before the script is served (the angle-bracket token is not valid
// JavaScript as written). Keep their text out of comments so a plain text
// substitution cannot expand it there.
if(xhr){xhr.onreadystatechange=XHRhandler;var url="fortiweb_waf_cli_req_url";
// NOTE(review): the decoded value is appended to the query string without
// URL-encoding; confirm it can never contain "&", "#", "?" or whitespace.
// It also travels in the URL, so it may be recorded wherever request URLs
// are logged.
url+="?"+str1+"="+decode64(<fortiweb-sessioncookie>);
// Asynchronous POST (third argument true). The Content-Type is declared as
// text/html although the body below is a key=value pair.
// NOTE(review): confirm the receiving endpoint expects this Content-Type.
xhr.open("POST",url,true);xhr.setRequestHeader("Content-Type", "text/html");
var send_data="fwb_dat="+"fortiweb_waf_send_data";xhr.send(send_data);}
