Zero Identity - General - Web Security - JS Exploit

Username: Password: [Forgot Password?] [Not Registered?]

Navigation

Navigation

Challenges

Media

Contribute

ZI Store Updates

Zi Store

Link to UsIf you'd like to become an affilate, please Link to Us!

Online Users

Registered Users: 1423

Latest Registration: peterp

Online Users: 11
(0 Members, 11 Guests)

Poll

If your shout contains ! in the begining, your links will not be clickable.
If you enter the user's full username, it will be highlighted just for that user.Shoutbox

rohansingh47rohansingh47

Last Login:
10 year(s) ago
Joined:
07/17/2008 05:41
Experience:
1005.63 (02 day(s) ago)

hi @vs4vijay what's up

3l_f3n1x3l_f3n1x

Last Login:
10 year(s) ago
Joined:
08/05/2008 22:56
Experience:
276.43 (02 day(s) ago)

what's up?

vs4vijayvs4vijay

Last Login:
10 year(s) ago
Joined:
10/02/2008 06:41
Experience:
1070.77 (05 day(s) ago)

hello buddies...

3l_f3n1x3l_f3n1x

Last Login:
10 year(s) ago
Joined:
08/05/2008 22:56
Experience:
276.43 (19 day(s) ago)

I often visit ZI to see if there's some activity, but I always find it pretty much dead

Last Login:
10 year(s) ago
Joined:
03/30/2008 18:30
Experience:
19699.95 (19 day(s) ago)

hey hows everyone doing. just checking in to see if people are still alive.

swiftnomadswiftnomad

Public Relations

Last Login:
10 year(s) ago
Joined:
04/04/2008 13:35
Experience:
3274.18 (21 day(s) ago)

@el3v3nty , what's up? @mrdotkom, what's up?

[Shoutbox Archive]

Zero Identity Forums - General - Web Security - JS Exploit

Are you bored? Check out the unaswered threads!

w3bw4rr10r Member Trainee Joined: 03.01.2009 Last Seen: 10 year(s) ago Experience: 196.8 Points: 60
	#1 JS Exploit on January 21 2009 18:33
	This script is from a virtual slot machine. I was wondering if there were any exploits for it... Code Highlighting :: Select Code <script type="text/javascript" src="js/ajax-cas-slots.js"></script><center> <form name=slots onsubmit="rollem(); return false;"> <table border=0 cellpadding=3 cellspacing=1 width=300> <tr><th colspan=2> Welcome to the Slot Machine! </th></tr> <tr><th align=right> Gold: </th> <td align=left><input type=box size=10 name=gold READONLY value=3975></td></tr> <tr><th align=right> Your bet: </th> <td align=left><input type=box size=5 name=bet></td></tr> <tr><th><input type=submit value="Spin the slots"></th> <th><input type=button value="I am done for now" onclick="stopplay();"></th></tr> <!--<tr><th colspan=2> <input type=reset value="Start over"> </th></tr>--> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2> <center> <table cellspacing=5 cellpadding=2 border=0><tr> <td><img src=images/casino/slot1.gif name=slot1></td> <td><img src=images/casino/slot2.gif name=slot2></td> <td><img src=images/casino/slot3.gif name=slot3></td> </tr></table> <input type=text readonly size=33 name=banner> </td></tr> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2><center> <table width=100% border=0> <tr><th colspan=3><font size=+1>Payouts</th></tr> <tr><th> 3 of a kind </th> <td align="center"> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> </td><th> 10x your bet </th></tr> <tr><th> A pair </th> <td align="center"> <img src=images/casino/slot2.gif> <img src=images/casino/slot2.gif> <img src=images/casino/slot3.gif> </td><th> 2x your bet </th></tr> <tr><th> or </th> <td align="center"> <img src=images/casino/slot0.gif> <img src=images/casino/slot4.gif> <img src=images/casino/slot4.gif> </td><th> 2x your bet </th></tr> <tr><th> or </th> <td align="center"> <img src=images/casino/slot5.gif> <img src=images/casino/slot6.gif> <img src=images/casino/slot5.gif> </td><th> 2x your bet </th></tr> <tr><th> No match </th> <td align="center"> <img src=images/casino/slot7.gif> <img src=images/casino/slot8.gif> <img src=images/casino/slot9.gif> </td><th> You lose </th></tr> </table> </td></tr> </table></center> </form> </center> <div id="emptybox"></div> <script> slotitem = new Array('0','1','2','3','4','5','6','7','8','9'); document.slots.bet.focus(); startgold=3975; document.slots.gold.value=startgold; function stopplay () { if (document.slots.gold.value < startgold) {alert("You lost "+ (startgold-document.slots.gold.value) +" gold pieces. ");} else {alert("You gained "+ (document.slots.gold.value-startgold) +" gold pieces. ");} } function rollem () { if (document.slots.bet.value<1 \|\| document.slots.bet.value == "" \|\| document.slots.bet.value>10000) {alert("You cannot bet less that 1 or greater than 10,000. "); return;} if (Math.floor(document.slots.gold.value) < Math.floor(document.slots.bet.value)) {alert("Your bet "+document.slots.bet.value+" is larger than your remaining gold "+document.slots.gold.value+". "); return;} if (document.slots.bet.value>1) {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold pieces";} else {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold piece";} counter=0; spinem(); } function spinem() { turns1=10+Math.floor((Math.random() * 10)) for (a=0;a<turns1;a++) {document.slots.slot1.src="images/casino/slot"+slotitem[a % 9]+".gif"; } turns2=10+Math.floor((Math.random() * 10)) for (b=0;b<turns2;b++) {document.slots.slot2.src="images/casino/slot"+slotitem[b % 9]+".gif"; } turns3=10+Math.floor((Math.random() * 10)) for (c=0;c<turns3;c++) {document.slots.slot3.src="images/casino/slot"+slotitem[c % 9]+".gif"; } counter++; if (counter<25) {setTimeout("spinem(counter);",50);} else {checkmatch();} } function checkmatch() { if ((document.slots.slot1.src == document.slots.slot2.src) && (document.slots.slot1.src == document.slots.slot3.src)){ document.slots.banner.value="3 of a kind - You won "+Math.floor(document.slots.bet.value10)+" gold pieces"; document.slots.gold.value=Math.floor(document.slots.gold.value)+Math.floor(document.slots.bet.value10); sendval('win',Math.floor(document.slots.bet.value10)); } else if ((document.slots.slot1.src == document.slots.slot2.src) \|\| (document.slots.slot1.src == document.slots.slot3.src) \|\| (document.slots.slot2.src == document.slots.slot3.src)){ document.slots.banner.value="A pair - You won "+Math.floor(document.slots.bet.value2)+" gold pieces"; document.slots.gold.value = Math.floor(document.slots.bet.value2) + Math.floor(document.slots.gold.value); sendval('win',Math.floor(document.slots.bet.value2)); } else { document.slots.gold.value=document.slots.gold.value-document.slots.bet.value; document.slots.banner.value="No match - You lost "+document.slots.bet.value+" gold pieces"; sendval('lose',document.slots.bet.value); } } </script>

mrdotkom Veteran Member The Smoking gun. Professional Analyst Joined: 03.04.2008 Last Seen: 10 year(s) ago Experience: 917.83 Points: 210
	#2 The Smoking gun. on January 21 2009 20:52
	Code Highlighting :: Select Code `javascript:void(document.slots.gold.value = 99999999999)` Winrar Simple JS injection. You just need to find the value in the code and inject whatever value you want in there. Would love to see someone who actually used this online, where'd you get it? Freaky Transvestite Paradox = FTP

mrdotkom Veteran Member The Smoking gun. Professional Analyst Joined: 03.04.2008 Last Seen: 10 year(s) ago Experience: 917.83 Points: 210
	#3 The Smoking gun. on January 21 2009 20:57
	Edit: ofcourse with that, i've realized you are gettin a NAN error aka NOT A NUMBER too fix this, you have to use a number less than 10,000 so try 9999 Code Highlighting :: Select Code `javascript:void(document.slots.gold.value = 9999)` Freaky Transvestite Paradox = FTP

w3bw4rr10r Member Trainee Joined: 03.01.2009 Last Seen: 10 year(s) ago Experience: 196.8 Points: 60
	#4 on January 22 2009 22:27
	Well this is a pretty commonly used casino script, but I don't know any specific sites... Anyhow, back on topic. Code Highlighting :: Select Code `javascript:void(document.slots.gold.value = 9999999)` works as well, because the value is the amount of gold you start off with. However, because of the 10k limit it would be a pain in the ass to do this over and over again...is there any way to 1) raise/remove the stupid limit 2) make the slot machine always get a match. Thanks for your help mrdotkom.

mrdotkom Veteran Member The Smoking gun. Professional Analyst Joined: 03.04.2008 Last Seen: 10 year(s) ago Experience: 917.83 Points: 210
	#5 The Smoking gun. on January 22 2009 22:34
	Quote from w3bw4rr10r Well this is a pretty commonly used casino script, but I don't know any specific sites... Anyhow, back on topic. Code Highlighting :: Select Code `javascript:void(document.slots.gold.value = 9999999)` works as well, because the value is the amount of gold you start off with. However, because of the 10k limit it would be a pain in the ass to do this over and over again...is there any way to 1) raise/remove the stupid limit 2) make the slot machine always get a match. Thanks for your help mrdotkom. there are a few things you can do. this makes it so you get 3 of a kind all of the time winning back 1000% of your bet Code Highlighting :: Select Code <script type="text/javascript" src="js/ajax-cas-slots.js"></script><center> <form name=slots onsubmit="rollem(); return false;"> <table border=0 cellpadding=3 cellspacing=1 width=300> <tr><th colspan=2> Welcome to the Slot Machine! </th></tr> <tr><th align=right> Gold: </th> <td align=left><input type=box size=10 name=gold READONLY value=3975></td></tr> <tr><th align=right> Your bet: </th> <td align=left><input type=box size=5 name=bet></td></tr> <tr><th><input type=submit value="Spin the slots"></th> <th><input type=button value="I am done for now" onclick="stopplay();"></th></tr> <!--<tr><th colspan=2> <input type=reset value="Start over"> </th></tr>--> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2> <center> <table cellspacing=5 cellpadding=2 border=0><tr> <td><img src=images/casino/slot1.gif name=slot1></td> <td><img src=images/casino/slot2.gif name=slot2></td> <td><img src=images/casino/slot3.gif name=slot3></td> </tr></table> <input type=text readonly size=33 name=banner> </td></tr> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2><center> <table width=100% border=0> <tr><th colspan=3><font size=+1>Payouts</th></tr> <tr><th> 3 of a kind </th> <td align="center"> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> </td><th> 10x your bet </th></tr> <tr><th> A pair </th> <td align="center"> <img src=images/casino/slot2.gif> <img src=images/casino/slot2.gif> <img src=images/casino/slot3.gif> </td><th> 2x your bet </th></tr> <tr><th> or </th> <td align="center"> <img src=images/casino/slot0.gif> <img src=images/casino/slot4.gif> <img src=images/casino/slot4.gif> </td><th> 2x your bet </th></tr> <tr><th> or </th> <td align="center"> <img src=images/casino/slot5.gif> <img src=images/casino/slot6.gif> <img src=images/casino/slot5.gif> </td><th> 2x your bet </th></tr> <tr><th> No match </th> <td align="center"> <img src=images/casino/slot7.gif> <img src=images/casino/slot8.gif> <img src=images/casino/slot9.gif> </td><th> You lose </th></tr> </table> </td></tr> </table></center> </form> </center> <div id="emptybox"></div> <script> slotitem = new Array('0','1','2','3','4','5','6','7','8','9'); document.slots.bet.focus(); startgold=3975; document.slots.gold.value=startgold; function stopplay () { if (document.slots.gold.value < startgold) {alert("You lost "+ (startgold-document.slots.gold.value) +" gold pieces. ");} else {alert("You gained "+ (document.slots.gold.value-startgold) +" gold pieces. ");} } function rollem () { if (document.slots.bet.value<1 \|\| document.slots.bet.value == "" \|\| document.slots.bet.value>10000) {alert("You cannot bet less that 1 or greater than 10,000. "); return;} if (Math.floor(document.slots.gold.value) < Math.floor(document.slots.bet.value)) {alert("Your bet "+document.slots.bet.value+" is larger than your remaining gold "+document.slots.gold.value+". "); return;} if (document.slots.bet.value>1) {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold pieces";} else {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold piece";} counter=0; spinem(); } function spinem() { turns1=10+Math.floor((Math.random() * 10)) for (a=0;a<turns1;a++) {document.slots.slot1.src="images/casino/slot"+slotitem[a % 9]+".gif"; } turns2=10+Math.floor((Math.random() * 10)) for (b=0;b<turns2;b++) {document.slots.slot2.src="images/casino/slot"+slotitem[b % 9]+".gif"; } turns3=10+Math.floor((Math.random() * 10)) for (c=0;c<turns3;c++) {document.slots.slot3.src="images/casino/slot"+slotitem[c % 9]+".gif"; } counter++; if (counter<25) {setTimeout("spinem(counter);",50);} else {checkmatch();} } function checkmatch() { if ((document.slots.slot1.src == document.slots.slot1.src) && (document.slots.slot1.src == document.slots.slot1.src)){ document.slots.banner.value="3 of a kind - You won "+Math.floor(document.slots.bet.value10)+" gold pieces"; document.slots.gold.value=Math.floor(document.slots.gold.value)+Math.floor(document.slots.bet.value10); sendval('win',Math.floor(document.slots.bet.value10)); } else if ((document.slots.slot2.src == document.slots.slot2.src) \|\| (document.slots.slot2.src == document.slots.slot2.src) \|\| (document.slots.slot2.src == document.slots.slot2.src)){ document.slots.banner.value="A pair - You won "+Math.floor(document.slots.bet.value2)+" gold pieces"; document.slots.gold.value = Math.floor(document.slots.bet.value2) + Math.floor(document.slots.gold.value); sendval('win',Math.floor(document.slots.bet.value2)); } else { document.slots.gold.value=document.slots.gold.value-document.slots.bet.value; document.slots.banner.value="No match - You lost "+document.slots.bet.value+" gold pieces"; sendval('lose',document.slots.bet.value); } } </script> Freaky Transvestite Paradox = FTP

w3bw4rr10r Member Trainee Joined: 03.01.2009 Last Seen: 10 year(s) ago Experience: 196.8 Points: 60
	#6 on January 23 2009 11:48
	How could I insert this into a page that I don't have access to? I don't think that can execute from the browser.

Who is watching forums

Users viewing this page:	Guests (1)
Users viewing the forum:	0

© 2009 ZeroIdentity.org | Atlanta SEO

Powered by phpFort © 2008
Page generated in 0.085 seconds. :: MySQL Queries: 12