
Kr0wKr0w

Avatar

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2
(16 day(s) ago)
The crashed tables for registration and other stuff is easy to fix (using the Mysql command "REPAIR TABLE").
ttyler333ttyler333
php coder
Avatar

Last Login:
0000-00-00
Joined:
May 09 2008 01:45
Experience:
1095.2
(18 day(s) ago)
according to a friend the registration doesn't work.
hack4uhack4u
ZI Owner
Avatar

Last Login:
0000-00-00
Joined:
March 30 2008 22:30
Experience:
20492
(19 day(s) ago)
Please do keep a list of all the bugs. They might eventually get fixed.. lol.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0
(01 month(s) ago)
What we could do is start compiling a list of bugs on the Tasks page, so if and when development resumes the developers know what needs doing.
Kr0wKr0w

Avatar

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2
(02 month(s) ago)
Kewl, the domain renewed another year. :) Any other future plans?
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0
(02 month(s) ago)
I've got no idea. I'll send off an email to one of the admins in a moment to check, since I've been meaning to contact them anyway.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0
(02 month(s) ago)
There seems to be ~10 guests on most days, but I have no idea if that's genuine users or crawler bots. If they are real users we need to do something to convince them to register.


Icon Zero Identity Forums - General - Web Security - JS Exploit



w3bw4rr10r
Member


Avatar
Trainee

Joined: 01/04/2009
Last Seen: 0000-00-00
Experience: 196.8
Points: 60
#1 JS Exploit on 01/01/1970 00:00
This script is from a virtual slot machine. I was wondering if there were any exploits for it...
<!-- Slot-machine form. The inline script that follows this markup reads and writes the
     gold, bet and banner fields and the three slot images by name through document.slots. -->
<script type="text/javascript" src="js/ajax-cas-slots.js"></script><center>
<form name=slots onsubmit="rollem(); return false;">
<table border=0 cellpadding=3 cellspacing=1 width=300>
<tr><th colspan=2> Welcome to the Slot Machine! </th></tr>
<!-- READONLY only stops the visitor typing into this field; page script can still assign
     to it, and the inline script does so after every spin. Treat the number shown here as
     presentation, not as the account of record. -->
<tr><th align=right> Gold: </th>    <td align=left><input type=box size=10 name=gold READONLY value=3975></td></tr>
<tr><th align=right> Your bet: </th>    <td align=left><input type=box size=5 name=bet></td></tr>
<tr><th><input type=submit value="Spin the slots"></th>
<th><input type=button value="I am done for now" onclick="stopplay();"></th></tr>
<!--<tr><th colspan=2> <input type=reset value="Start over"> </th></tr>-->
<tr><td colspan=2><hr></td></tr>
<tr><td colspan=2>
<center>
<!-- The three reels. The inline script decides a win by comparing the src of these images. -->
<table cellspacing=5 cellpadding=2 border=0><tr>
<td><img src=images/casino/slot1.gif name=slot1></td>
<td><img src=images/casino/slot2.gif name=slot2></td>
<td><img src=images/casino/slot3.gif name=slot3></td>
</tr></table>
<input type=text readonly size=33 name=banner>
</td></tr>
<tr><td colspan=2><hr></td></tr>
<tr><td colspan=2><center>
<!-- Static payout legend; it is display only and is not read by the script. -->
<table width=100% border=0>
<tr><th colspan=3><font size=+1>Payouts</th></tr>
<tr><th> 3 of a kind </th>    <td align="center"> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> </td><th> 10x your bet </th></tr>
<tr><th> A pair </th>    <td align="center"> <img src=images/casino/slot2.gif> <img src=images/casino/slot2.gif> <img src=images/casino/slot3.gif> </td><th> 2x your bet </th></tr>
<tr><th> or </th>        <td align="center"> <img src=images/casino/slot0.gif> <img src=images/casino/slot4.gif> <img src=images/casino/slot4.gif> </td><th> 2x your bet </th></tr>
<tr><th> or </th>        <td align="center"> <img src=images/casino/slot5.gif> <img src=images/casino/slot6.gif> <img src=images/casino/slot5.gif> </td><th> 2x your bet </th></tr>
<tr><th> No match </th>    <td align="center"> <img src=images/casino/slot7.gif> <img src=images/casino/slot8.gif> <img src=images/casino/slot9.gif> </td><th> You lose </th></tr>
</table>
</td></tr>
</table></center>
</form>
</center>
<div id="emptybox"></div>
<script>
// Reel symbols; spinem() turns each one into an image name of the form
// "images/casino/slot" + symbol + ".gif".
slotitem = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];

// Balance the page starts with. Both this variable and the form field live in the
// browser, so they describe what the page displays, not what the server has on record.
startgold = 3975;
document.slots.gold.value = startgold;

// Put the cursor in the bet box so the player can type a bet straight away.
document.slots.bet.focus();
/**
 * Show an alert summarising the session: how much gold was lost or gained
 * relative to `startgold`.
 *
 * The current balance is read back from the `gold` form field, so the message
 * reports whatever that field holds at the time of the call.
 */
function stopplay () {
  var goldField = document.slots.gold;

  if (goldField.value < startgold) {
    alert("You lost " + (startgold - goldField.value) + " gold pieces.   ");
    return;
  }

  // Equal balances fall through to here and are reported as a gain of 0.
  alert("You gained " + (goldField.value - startgold) + " gold pieces.   ");
}
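/**
 * Form submit handler: check the bet field and, if it is acceptable, start a spin.
 *
 * A bet is rejected (with an alert) when it is empty, not a number, below 1,
 * above 10,000, or larger than the gold shown in the form. Otherwise the banner
 * is updated, the global spin counter is reset and spinem() is called.
 *
 * These checks run in the browser only. They keep honest input tidy; they do not
 * constrain what a modified page can submit, so any limit that matters has to be
 * enforced again wherever the result is recorded.
 */
function rollem () {
  var form = document.slots;
  var rawBet = form.bet.value;
  var bet = Number(rawBet);

  // Non-numeric text converts to NaN, and every relational test against NaN is
  // false, so without the explicit isNaN check such a bet passed validation.
  if (rawBet == "" || isNaN(bet) || bet < 1 || bet > 10000) {
    alert("You cannot bet less that 1 or greater than 10,000.   ");
    return;
  }

  if (Math.floor(form.gold.value) < Math.floor(bet)) {
    alert("Your bet " + rawBet + " is larger than your remaining gold " + form.gold.value + ".  ");
    return;
  }

  if (bet > 1) {
    form.banner.value = "Bet is " + rawBet + " gold pieces";
  } else {
    form.banner.value = "Bet is " + rawBet + " gold piece";
  }

  // `counter` is deliberately a page-level global: spinem() increments it on each
  // animation step and stops after 25.
  counter = 0;
  spinem();
}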
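/**
 * One animation step of the reels. For each of the three slot images a random
 * number of turns (10 to 19) is drawn and the image source is cycled that many
 * times; the last assignment is the symbol left showing.
 *
 * The step repeats every 50 ms until the global `counter` reaches 25, after
 * which checkmatch() evaluates whatever the images show.
 *
 * The outcome is therefore produced entirely in the browser with Math.random().
 * That is adequate for animation only; a result that carries value should be
 * drawn where the player cannot influence it.
 */
function spinem() {
  var reels = [document.slots.slot1, document.slots.slot2, document.slots.slot3];

  // Loop variables are local now; the original assigned them without declaring
  // them, which created page-level globals (turns1, a, b, c, ...).
  for (var r = 0; r < reels.length; r++) {
    var turns = 10 + Math.floor(Math.random() * 10);
    for (var i = 0; i < turns; i++) {
      // NOTE(review): `% 9` never selects the last entry of slotitem ('9').
      // Left unchanged because it affects the odds - confirm whether intended.
      reels[r].src = "images/casino/slot" + slotitem[i % 9] + ".gif";
    }
  }

  counter++;
  if (counter < 25) {
    // Pass the function itself rather than a source string: a string argument
    // is compiled like eval() and is refused by a Content-Security-Policy that
    // does not allow 'unsafe-eval'.
    setTimeout(spinem, 50);
  } else {
    checkmatch();
  }
}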
/**
 * Settle the spin by comparing the three reel image sources.
 *
 *  - all three equal: pays floor(bet * 10)
 *  - any two equal:   pays floor(bet * 2)
 *  - otherwise:       the bet is subtracted from the displayed gold
 *
 * In every case the banner and the gold field are updated and the outcome is
 * passed to sendval() as ('win' | 'lose', amount).
 *
 * NOTE(review): sendval() is not defined in this listing - presumably it comes
 * from js/ajax-cas-slots.js. The outcome and the amount handed to it are both
 * computed here, in the browser, from values the visitor can change. If the
 * receiving side records them as given, the balance is only as trustworthy as
 * the page; confirm that the server derives the result itself.
 */
function checkmatch() {
  var form = document.slots;
  var first = form.slot1.src;
  var second = form.slot2.src;
  var third = form.slot3.src;
  var payout;

  if (first == second && first == third) {
    payout = Math.floor(form.bet.value * 10);
    form.banner.value = "3 of a kind - You won " + payout + " gold pieces";
    form.gold.value = Math.floor(form.gold.value) + payout;
    sendval('win', payout);
    return;
  }

  if (first == second || first == third || second == third) {
    payout = Math.floor(form.bet.value * 2);
    form.banner.value = "A pair - You won " + payout + " gold pieces";
    form.gold.value = payout + Math.floor(form.gold.value);
    sendval('win', payout);
    return;
  }

  // Losing path: the raw field values are used, without Math.floor.
  form.gold.value = form.gold.value - form.bet.value;
  form.banner.value = "No match - You lost " + form.bet.value + " gold pieces";
  sendval('lose', form.bet.value);
}
</script>

mrdotkom
Veteran Member
The Smoking gun.

Avatar
Professional Analyst

Joined: 04/03/2008
Last Seen: 2011-08-11
Experience: 917.83
Points: 210
#2 The Smoking gun. on 01/01/1970 00:00
javascript:void(document.slots.gold.value = 99999999999)


Winrar

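Simple JS injection. You just need to find the value in the code and inject whatever value you want in there. It works because the gold total is held in a form field that the browser controls (READONLY only blocks typing, not script); whether the change means anything beyond the display depends on whether the server keeps its own balance, which this listing does not show. Would love to see someone who actually used this online, where'd you get it?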

Freaky Transvestite Paradox = FTP
mrdotkom
Veteran Member
The Smoking gun.

Avatar
Professional Analyst

Joined: 04/03/2008
Last Seen: 2011-08-11
Experience: 917.83
Points: 210
#3 The Smoking gun. on 01/01/1970 00:00
Edit: of course, with that value I've realized you get a NaN (Not a Number) error.

To fix this, you have to use a number less than 10,000, so try 9999
javascript:void(document.slots.gold.value = 9999)



Freaky Transvestite Paradox = FTP
w3bw4rr10r
Member


Avatar
Trainee

Joined: 01/04/2009
Last Seen: 0000-00-00
Experience: 196.8
Points: 60
#4 on 01/01/1970 00:00
Well this is a pretty commonly used casino script, but I don't know any specific sites...
Anyhow, back on topic.
javascript:void(document.slots.gold.value = 9999999)
works as well, because the value is the amount of gold you start off with. However, because of the 10k limit it would be a pain in the ass to do this over and over again...is there any way to 1) raise/remove the stupid limit 2) make the slot machine always get a match.
Thanks for your help mrdotkom.
mrdotkom
Veteran Member
The Smoking gun.

Avatar
Professional Analyst

Joined: 04/03/2008
Last Seen: 2011-08-11
Experience: 917.83
Points: 210
#5 The Smoking gun. on 01/01/1970 00:00
Quote from w3bw4rr10r
Well this is a pretty commonly used casino script, but I don't know any specific sites...
Anyhow, back on topic.
javascript:void(document.slots.gold.value = 9999999)
works as well, because the value is the amount of gold you start off with. However, because of the 10k limit it would be a pain in the ass to do this over and over again...is there any way to 1) raise/remove the stupid limit 2) make the slot machine always get a match.
Thanks for your help mrdotkom.


there are a few things you can do.

this makes it so you get 3 of a kind all of the time winning back 1000% of your bet
<script type="text/javascript" src="js/ajax-cas-slots.js"></script><center> 
<form name=slots onsubmit="rollem(); return false;"> 
<table border=0 cellpadding=3 cellspacing=1 width=300> 
<tr><th colspan=2> Welcome to the Slot Machine! </th></tr> 
<tr><th align=right> Gold: </th>    <td align=left><input type=box size=10 name=gold READONLY value=3975></td></tr> 
<tr><th align=right> Your bet: </th>    <td align=left><input type=box size=5 name=bet></td></tr> 
<tr><th><input type=submit value="Spin the slots"></th> 
<th><input type=button value="I am done for now" onclick="stopplay();"></th></tr> 
<!--<tr><th colspan=2> <input type=reset value="Start over"> </th></tr>--> 
<tr><td colspan=2><hr></td></tr> 
<tr><td colspan=2> 
<center> 
<table cellspacing=5 cellpadding=2 border=0><tr> 
<td><img src=images/casino/slot1.gif name=slot1></td> 
<td><img src=images/casino/slot2.gif name=slot2></td> 
<td><img src=images/casino/slot3.gif name=slot3></td> 
</tr></table> 
<input type=text readonly size=33 name=banner> 
</td></tr> 
<tr><td colspan=2><hr></td></tr> 
<tr><td colspan=2><center> 
<table width=100% border=0> 
<tr><th colspan=3><font size=+1>Payouts</th></tr> 
<tr><th> 3 of a kind </th>    <td align="center"> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> <img src=images/casino/slot1.gif> </td><th> 10x your bet </th></tr> 
<tr><th> A pair </th>    <td align="center"> <img src=images/casino/slot2.gif> <img src=images/casino/slot2.gif> <img src=images/casino/slot3.gif> </td><th> 2x your bet </th></tr> 
<tr><th> or </th>        <td align="center"> <img src=images/casino/slot0.gif> <img src=images/casino/slot4.gif> <img src=images/casino/slot4.gif> </td><th> 2x your bet </th></tr> 
<tr><th> or </th>        <td align="center"> <img src=images/casino/slot5.gif> <img src=images/casino/slot6.gif> <img src=images/casino/slot5.gif> </td><th> 2x your bet </th></tr> 
<tr><th> No match </th>    <td align="center"> <img src=images/casino/slot7.gif> <img src=images/casino/slot8.gif> <img src=images/casino/slot9.gif> </td><th> You lose </th></tr> 
</table> 
</td></tr> 
</table></center> 
</form> 
</center> 
<div id="emptybox"></div> 
<script> 
slotitem = new Array('0','1','2','3','4','5','6','7','8','9'); 
document.slots.bet.focus(); 
startgold=3975; 
document.slots.gold.value=startgold; 
function stopplay () { 
if (document.slots.gold.value < startgold)  
{alert("You lost "+ (startgold-document.slots.gold.value) +" gold pieces.   ");} 
else     {alert("You gained "+ (document.slots.gold.value-startgold) +" gold pieces.   ");} 

function rollem () { 
if (document.slots.bet.value<1 || document.slots.bet.value == "" || document.slots.bet.value>10000) {alert("You cannot bet less that 1 or greater than 10,000.   "); return;} 
if (Math.floor(document.slots.gold.value) < Math.floor(document.slots.bet.value)) {alert("Your bet "+document.slots.bet.value+" is larger than your remaining gold "+document.slots.gold.value+".  "); return;} 
if (document.slots.bet.value>1) {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold pieces";} 
else {document.slots.banner.value="Bet is "+document.slots.bet.value+" gold piece";} 
counter=0; 
spinem(); 

function spinem() { 
turns1=10+Math.floor((Math.random() * 10)) 
for (a=0;a<turns1;a++) 
{document.slots.slot1.src="images/casino/slot"+slotitem[a % 9]+".gif"; } 
turns2=10+Math.floor((Math.random() * 10)) 
for (b=0;b<turns2;b++) 
{document.slots.slot2.src="images/casino/slot"+slotitem[b % 9]+".gif"; } 
turns3=10+Math.floor((Math.random() * 10)) 
for (c=0;c<turns3;c++) 
{document.slots.slot3.src="images/casino/slot"+slotitem[c % 9]+".gif"; } 
counter++; 
if (counter<25) {setTimeout("spinem(counter);",50);} else {checkmatch();} 

// Edited copy of checkmatch() as quoted in the post. Every comparison below has the
// same operand on both sides, so the first branch is always taken and the other two
// are never reached, whatever the reels show.
// For a reviewer the point is that this took nothing more than a text edit of script
// the browser already holds. A server that records the amount passed to sendval() as
// the result of the spin cannot tell this copy from the original one.
// NOTE(review): sendval() is not defined in this listing - presumably it comes from
// js/ajax-cas-slots.js; confirm what it sends and how the receiving side checks it.
function checkmatch()    {  
    if ((document.slots.slot1.src == document.slots.slot1.src) && (document.slots.slot1.src == document.slots.slot1.src)){ 
        document.slots.banner.value="3 of a kind - You won "+Math.floor(document.slots.bet.value*10)+" gold pieces"; 
        document.slots.gold.value=Math.floor(document.slots.gold.value)+Math.floor(document.slots.bet.value*10); 
        sendval('win',Math.floor(document.slots.bet.value*10));  
    } 
    else if ((document.slots.slot2.src == document.slots.slot2.src) || 
    (document.slots.slot2.src == document.slots.slot2.src) || 
    (document.slots.slot2.src == document.slots.slot2.src)){ 
        document.slots.banner.value="A pair - You won "+Math.floor(document.slots.bet.value*2)+" gold pieces"; 
        document.slots.gold.value = Math.floor(document.slots.bet.value*2) + Math.floor(document.slots.gold.value); 
        sendval('win',Math.floor(document.slots.bet.value*2)); 
    } 
    else { 
        document.slots.gold.value=document.slots.gold.value-document.slots.bet.value;  
        document.slots.banner.value="No match - You lost "+document.slots.bet.value+" gold pieces"; 
        sendval('lose',document.slots.bet.value); 
    } 

</script>



Freaky Transvestite Paradox = FTP
w3bw4rr10r
Member


Avatar
Trainee

Joined: 01/04/2009
Last Seen: 0000-00-00
Experience: 196.8
Points: 60
#6 on 01/01/1970 00:00
How could I insert this into a page that I don't have access to?
I don't think that can execute from the browser.

