#!/usr/bin/perl

# History
#   - I submitted http://is.gd/bGomC 123456 on April 24 3pm
#     it got taken down on ....
#
# Reproduces, outside the game client, the GET request that the game's
# "SubmitOnline" script sends to the gmhighscores.com score endpoint.
#
# NOTE(review): every input to the verify formula below (score plus three
# fixed numbers) is available to whoever holds the game client, so the value
# works as a checksum against typos, not as proof that a score was earned.
# Telling a played score from a typed-in one would need a control the client
# cannot reproduce, enforced on the server side.

use strict;
use warnings;

require LWP::UserAgent;
use CGI::Util;

# ==== Object SubmitButton, left-pressed event ====
#
#   SubmitOnline(global.label2,735,global.finalscore,7314837,40,79054);
#
# ==== submitonline function ====
#   //gmh example - version 1.3
#
#   //argument0 = name
#   //argument1 = game id
#   //argument2 = score
#   //argument3 = verify1
#   //argument4 = verify2
#   //argument5 = verify3
#
#   //submits score with the name specified, for the game with the game id specified
#   //you can find the verify numbers and the game id for your games by clicking
#
#   var verify, site, act, result;
#
#   verify = round((argument2 + argument3)/argument4) mod argument5;
#
#   site = "http://www.gmhighscores.com/newhighscore_action.php?game=" + string(argument1) + "&score=" + string(argument2) + "&verify=" + string(verify) + "&user=" + argument0;
#
# ==== desired output ====
#   http://www.gmhighscores.com/highscores.php?gameid=735

# Earlier values tried for the user name:
#   "marknau (Elf Bloodmage)"
#   'http:/<> (Elf Bloodmage)'   # is it XSS vulnerable? (on first glance, no)
my $player_name = 'http://is.gd/bGomC';    # argument0

# Earlier score tried: 123456
my $score = 298;                           # argument2

my $game_id = 735;                         # argument1

# The three per-game numbers that http://gmhighscores.com/ calls
# "verify 1", "verify 2" and "verify 3".
my $verify1 = 7314837;                     # argument3
my $verify2 = 40;                          # argument4
my $verify3 = 79054;                       # argument5

# Stand-in for the game script's round(): add one half, then truncate with int().
sub round {
    my ($value) = @_;
    return int($value + 0.5);
}

# Same arithmetic as the game script: round((score + verify1) / verify2) mod verify3.
my $scaled = ($score + $verify1) / $verify2;
my $verify = round($scaled) % $verify3;

# The user name is percent-encoded before it goes into the query string; the
# numeric fields are appended as they are.
my $submit_url = join '',
    "http://www.gmhighscores.com/newhighscore_action.php?game=", $game_id,
    "&score=",  $score,
    "&verify=", $verify,
    "&user=",   CGI::Util::escape($player_name);

print "Will submit URL:\n$submit_url";

# The request goes out over plain HTTP with a custom User-Agent string, and
# the complete response (status line, headers, body) is printed.
my $ua = LWP::UserAgent->new(agent => "netreaddll");
print $ua->get($submit_url)->as_string;