Ok...basically there is a page in this browser-based RPG that you can "reconfigure" stats.
Source:
<html>
<head>
<script type="text/javascript" src="js/ajax-reconfigure.js"></script>
<script type="text/javascript">
function onlyNumbers(evt) {
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57) && charCode != 190 && charCode != 110){
return false;
}else{
return true;
}
}
function addstats(){
var tot = document.getElementById("total").value;
var agi = document.getElementById("newagility").value;
var str = document.getElementById("newstrength").value;
var eva = document.getElementById("newevasion").value;
var rem = tot-agi-str-eva;
rem=Math.round(rem*1000)/1000;
document.getElementById("remain").value=rem;
if (document.getElementById("remain").value == 0){
document.getElementById("submit").disabled=false;
document.getElementById("submit").value="Submit";
} else {
document.getElementById("submit").disabled=true;
document.getElementById("submit").value="You MUST use ALL stats";
}
}
</script>
<link href="default.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
/***********************************************
* Local Time script- © Dynamic Drive (http://www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/
//CHANGE SERVER RESULT TO TEXT
var weekdaystxt=["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
var daystxt=["31st", "1st", "2nd", "3rd", "4th", "5th", "6th", "7th", "8th", "9th", "10th", "11th", "12th", "13th", "14th", "15th", "16th", "17th", "18th", "19th", "20th", "21st", "22nd", "23rd", "24th", "25th", "26th", "27th", "28th", "29th", "30th"]
var monthtxt=["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December"]
function showLocalTime(container, servermode, offsetMinutes, displayversion){
if (!document.getElementById || !document.getElementById(container)) return
this.container=document.getElementById(container)
this.displayversion=displayversion
var servertimestring=(servermode=="server-php")? 'March 13, 2009 00:04:02' : (servermode=="server-ssi")? '<!--#config timefmt="%B %d, %Y %H:%M:%S"-->' : '<%= Now() %>'
this.localtime=this.serverdate=new Date(servertimestring)
this.localtime.setTime(this.serverdate.getTime()+offsetMinutes*60*1000) //add user offset to server time
this.updateTime()
this.updateContainer()}
showLocalTime.prototype.updateTime=function(){
var thisobj=this
this.localtime.setSeconds(this.localtime.getSeconds()+1)
setTimeout(function(){thisobj.updateTime()}, 1000)} //update time every second
showLocalTime.prototype.updateContainer=function(){
var thisobj=this
if (this.displayversion=="long")
this.container.innerHTML=this.localtime.toLocaleString()
else{
var hour=this.localtime.getHours()
var minutes=this.localtime.getMinutes()
var seconds=this.localtime.getSeconds()
//COUNTDOWN SECONDS
if (seconds < 1){
var resets=00
var resetm=(59-minutes)+1
var reseth=23-hour}
else{
//COUNTDOWN MINUTES
if (minutes < 1){
var resets=60-seconds
var resetm=00
var reseth=(23-hour)+1}
//IF NO VALUE IS '00'
else{
var reseth=23-hour
var resetm=59-minutes
var resets=60-seconds}}
//***ADD THE AM/PM PART IF ON 12HR SETTING--- ALSO ADD "+ampm+" INTO DISPLAY LINE BELOW
//var ampm=(hour>=12)? "PM" : "AM"
//GET SERVER FIGURE AND FILTER THROUGH LISTS AT START
var dayofweek=weekdaystxt[this.serverdate.getDay()]
var day=daystxt[this.serverdate.getDate()]
var month=monthtxt[this.serverdate.getMonth()]
var year=[this.serverdate.getFullYear()]
this.container.innerHTML=" "+day+" "+month+" "+formatField(hour, 1)+":"+formatField(minutes)+":"+formatField(seconds)+" | Time To Reset: "+formatField(reseth, 1)+":"+formatField(resetm)+":"+formatField(resets)}
setTimeout(function(){thisobj.updateContainer()}, 1000)} //update container every second
function formatField(num, isHour){
//SWITCH TO 12/24HR STYLE
//if (typeof isHour!="undefined"){
//var hour=(num>12)? num-12 : num
//return (hour==0)? 12 : hour}
//END SWITCH TO 12/24HR
return (num<=9)? "0"+num : num} //if this is minute or sec field
</script>
</head>
<body onLoad="refresh_stats();">
<table width="982" border="0" align="center" cellpadding="0" cellspacing="0" class="bg7">
<tr>
<td><table width="982" border="0" align="center" cellpadding="0" cellspacing="0" class="bg8">
<tr>
<td><table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="273"><img src="images/homepage06.jpg" alt="" width="273" height="141"></td>
<td width="677"><img src="images/homepage07.jpg" alt="" width="677" height="141"></td>
</tr>
<tr>
<td colspan="2" class="bg3" style="height:50px;"><table width="950" border="0" cellspacing="0" cellpadding="0" style="height:50px;">
<tr>
<td width="33"> </td>
<td width="500" class="text2"><table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="forum.php" class="link1">Forums</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="autochat.php" class="link1">Chat</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td> <td><a href="help.php" class="link1">Help</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="staff.php" class="link1">Staff</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="logout.php" class="link1">Logout</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="updates.php" class="link1">Updates</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="votelinks.php" class="link1">Voting Links</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
<td><a href="donate.php" class="link1">Donator Packages</a></td>
<td><img src="images/subpage1_02.jpg" alt="" width="4" height="16" hspace="15"></td>
</tr>
</table></td>
<td width="433" align="right" class="text1">
Game Time = <span id=timecontainer></span>
<script type="text/javascript">
new showLocalTime("timecontainer", "server-php", 0, "short")
</script>
</td>
<td width="32"> </td>
</tr>
</table></td>
</tr>
</table>
<table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr valign="top">
<td width="181"><table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="text2" style="background-image:url(images/homepage09.jpg); height:40px;"><table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="15"><img src="images/spacer.gif" alt="" width="15" height="40"></td>
<td width="166" class="text2">Player Statistics</td>
</tr>
</table></td>
</tr>
<tr><td>
<div id="statbox"></div>
</td></tr>
<tr> </tr>
<tr>
<td><img src="images/homepage11.jpg" alt="" width="181" height="8"></td>
</tr>
</table>
<table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="background-image:url(images/homepage09.jpg); height:40px;"><table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="15"><img src="images/spacer.gif" alt="" width="20" height="40"></td>
<td width="166" class="text2">Navigation</td>
</tr>
</table></td>
</tr>
<tr>
<td style="background-image:url(images/homepage10.jpg); height:15px;"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td><center>
<b><font color=FFFFFF>City Section</font></b></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=cc-city.php class="link1">Crystal Creek Town</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=arena.php class="link1">Town Battle Arena</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=dungeon.php class="link1">Dungeon</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=cc-lightheal.php class="link1">Light Fountain</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=transfer.php class="link1">Delivery Service</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=portal.php class="link1">Ancient Portals</a></td>
</tr>
<tr>
<td colspan="2"><img src="images/homepage11.jpg" alt="" width="181" height="20"></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td><center>
<b><font color=FFFFFF>Personal Section</font></b></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=main.php class="link1">Your Hut</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=bank.php class="link1">Your Bank</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=merc-home.php class="link1">Your Mercenary</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=account.php class="link1">Your Account</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=inventory.php class="link1">Your Armoury</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=imail.php class="link1">Your Mailbag</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=cc-farm.php class="link1">Your Farm</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=game-lottery.php class="link1">Realm Lottery</a></td>
</tr>
<!-- <tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=dongold-lottery.php class="link1">Donator Lottery</a></td>
</tr>-->
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=garena-rps.php class="link1">RPS NPC Arena</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=garena-rps-PvP.php class="link1">RPS PvP Arena</a></td>
</tr>
<tr>
<td colspan="2"><img src="images/homepage11.jpg" alt="" width="181" height="20"></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td><center>
<b><font color=FFFFFF>Clan Section</font></b></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=clan-list.php class="link1">View All Clans</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=clan-home.php class="link1">Visit My Clan</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=cc-clanmine.php class="link1">Clan Mines</a></td>
</tr>
<tr>
<td colspan="2"><img src="images/homepage11.jpg" alt="" width="181" height="20"></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td><center>
<b><font color=FFFFFF>Statistics Section</font></b></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=ranking.php class="link1">Player Statistics</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-mercs.php class="link1">Mercenary Statistics</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-racerank.php class="link1">Race Statistics</a></td>
</tr>
<!-- <tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-noblerank.php class="link1">Noble Statistics</a></td>
</tr>-->
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-referrals.php class="link1">Referral Statistics</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-dungeons.php class="link1">Dungeon Statistics</a></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=stat-randomtoday.php class="link1">Todays Statistics</a></td>
</tr>
<tr>
<td colspan="2"><img src="images/homepage11.jpg" alt="" width="181" height="20"></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td><center>
<b><font color=FFFFFF>Donating Section</font></b></td>
</tr>
<tr>
<td width="8%"><img src="images/spacer.gif" alt="" width="15" height="20"></td>
<td width="92%"><a href=donate.php class="link1">Donator Packages</a></td>
</tr>
</table></td>
</tr>
<tr>
<td><img src="images/homepage11.jpg" alt="" width="181" height="8"></td>
</tr>
</table>
<table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="background-image:url(images/homepage09.jpg); height:40px;"><table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="15"><img src="images/spacer.gif" alt="" width="15" height="40"></td>
<td width="166" class="text2">Game Details</td>
</tr>
</table></td>
</tr>
<tr>
<td><table cellpadding="3" cellspacing="5">
<tr>
<td><font color=#ffffff>
<font color="#FFFFFF">11 Players Online<br><br><font style="color: red;"><u>Local Game Date</u></font><br>Friday 13th of March 2009<br><font style="color: red;"><u>Local Game Time</u></font><br>12:04:02 AM<br><font style="color: red;"><u>Time Until Reset</u></font><br>22 Hours 55 Minutes
</td></tr></table>
</td>
</tr>
</table></td>
<td width="769"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="589" style="background-image: url(images/subpage2_01.jpg); height:40px;"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="26"><img src="images/spacer.gif" alt="" width="26" height="40"></td>
<td width="563" class="text4">Stats Reconfiguration</td>
</tr>
</table></td>
</tr>
<tr> </tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="30">
<tr>
<td>
<center>
<big><font color=red>WARNING! You may only use ths option 1 time!</font></big><br /><br />
<table>
<tr>
<td>Total Available Points</td>
<td><input type="box" size="10" id="total" name="total" READONLY value=1421.96></td>
<td><input type="box" size="10" id="remain" name="remain" READONLY value=1421.96></td>
</tr>
<tr>
<td><b>Stat</b></td>
<td><b>Current</b></td>
<td><b>New</b></td>
<tr>
<td>Agility:</td>
<td>1013.000</td>
<td><input type="text" size="10" id="newagility" name="newagility" value="0" onkeydown="return onlyNumbers(event);" onkeyup="addstats();"></td>
</tr>
<tr>
<td>Strength:</td>
<td>408.960</td>
<td><input type="text" size="10" id="newstrength" name="newstrength" value="0" onkeydown="return onlyNumbers(event);" onkeyup="addstats();"></td>
</tr>
<tr>
<td>Evasion:</td>
<td>0.000</td>
<td><input type="text" size="10" id="newevasion" name="newevasion" value="0" onkeydown="return onlyNumbers(event);" onkeyup="addstats();"></td>
</tr>
</table>
<input type="button" id="submit" value="You MUST use ALL stats" disabled="disabled" onclick="javascript:reconfigure();"/>
<br /><br />
<div id="reconfigurebox"></div>
</center>
<center><br>
<a href="cc-city.php">Return to Crystal Creek</a></center>
</td></tr></table>
</td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td class="style2" style="height:40px;"> </td>
</tr>
</table></td>
</tr>
</table>
<table width="982" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td class="style2">Copyright (c) 2008 Immortalix.com. All rights reserved.</td>
</tr>
<tr>
<td class="style2"> </td>
</tr>
<tr>
<td class="style2"> </td>
</tr>
<tr>
<td class="style2"> </td>
</tr>
</table>
</body>
</html>
Ok. I'm thinking I can use JS injection to change the values. I looked in the AJAX file here:
function createXMLHttpRequest() {
if (typeof XMLHttpRequest != 'undefined') {
return new XMLHttpRequest();
}
try {
return new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
return new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
return false;
}
function refresh_stats() {
var xmlHttp12_out = createXMLHttpRequest();
params = '';
xmlHttp12_out.open("POST","ajax/statsajax.php", true);
xmlHttp12_out.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
xmlHttp12_out.onreadystatechange = function() {
if(xmlHttp12_out.readyState == 4 && xmlHttp12_out.status == 200) {
var brokenstring = xmlHttp12_out.responseText.split("-@[-");
if ( brokenstring[0] == 'stats' ) {
document.getElementById("statbox").innerHTML = brokenstring[1];
}
}
}
xmlHttp12_out.send(params);
}
function reconfigure() {
var xmlHttp13_out = createXMLHttpRequest();
var agi = document.getElementById("newagility").value;
var str = document.getElementById("newstrength").value;
var eva = document.getElementById("newevasion").value;
params = "agi=" + agi + "&str=" + str + "&eva=" + eva;
xmlHttp13_out.open("POST","ajax/ajax-reconfigure.php", true);
xmlHttp13_out.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
xmlHttp13_out.onreadystatechange = function() {
if(xmlHttp13_out.readyState == 4 && xmlHttp13_out.status == 200) {
document.getElementById("reconfigurebox").innerHTML = xmlHttp13_out.responseText;
refresh_stats();
}
}
xmlHttp13_out.send(params);
}
So basically the script will calculate remaining points. If remaining points is not 0 (more or less), the "You MUST use all stats" button is disabled.
I don't know how to change an element that is collected using getElementById
So far this is what I've got:
javascript: void(document.[don't know what goes here].remain.value = 0)
I'm still learning guys. I read elfenix's article here: http://www.zeroidentity.org/pages/articles.php?id=188
which was excellent, but I think it's different from this situation because there is no variable stated outright that one can change? For example, in elfenix's article "c" value was set to 100000, so his code:
Works.
Anyways, thanks for any help.
|
.png)
Zero Identity Forums - General - Web Security - Still Learning...
If you need any help feel free to pm me 
