IJJI G COIN EXPLOITS
SQL and JavaScript Injection / XSS / PHP additions / HTTP and HTTPS header modification
WORKING January 1, 2009!
Credits to Mirage & Lolhax
This method bypasses the need to PAY for ijji coin.
This is possible because there are vulnerabilities in the ijji website.
Instructions:
1. Log in here.
2. Click “Add G Coins”.
3. Enter the following in the address bar: javascript:chkAmount('">')
4. Select an amount (DO NOT SELECT A METHOD). You can only pick up to $50 for now; repeat steps 2-5 for more G coins.
5. Click OK. You should be redirected to the ijji main page. If you weren’t redirected, it didn’t work.
6. Enjoy your new G coins (as many as you selected as your amount).
You SHOULD get the G Coins instantly. If not, they should come in about 15 minutes.
If you have problems, contact me.
The page in the instructions is just like the ijji website, but with modified HTTP/HTTPS headers, minor SQL injections in the forums, modified PHP pages and a few XSS exploits, to successfully bypass the need to pay for G Coin and get it entered into your account.
Here are some screenshots:
For those into website coding, this is how it’s done (very simple):
As we all know, ijji is infamous for its website exploits (like the security answer). The method of payment (like Google Checkout) is now injected as a method that doesn’t exist, using both XSS and SQL injections, and the forms of the website are modified to stop any errors from occurring. It basically nulls any need to pay for it.
The HTTP/HTTPS headers are used to bypass any payment websites that ijji will attempt to send you to.
This works because of the lousy coding of the ijji website.
And, of course, like all of the other exploits, this will be patched fairly quickly, so do it now or soon.
ijji relies on too many client-side scripts and not enough server-side ones, which also allows us to make GM names, bypass ban/termination, etc., as described in my next tutorial.
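The server-side validation whose absence is described above, as an added example that is not part of the original post and not ijji's code. The method names, amount tiers, coin rate and shared secret are assumptions made for the sketch.

```javascript
const crypto = require('node:crypto');

// Assumed values for this sketch: method names, amount tiers, coin rate, secret.
const ALLOWED_METHODS = new Set(['google_checkout', 'credit_card']);
const ALLOWED_AMOUNTS_USD = new Set([5, 10, 20, 50]); // the page mentions a $50 cap
const COINS_PER_USD = 100;
const PROVIDER_SECRET = 'constructed-demo-secret';

const orders = new Map();   // orderId -> { account, method, amountUsd, status }
const balances = new Map(); // account -> G Coins

// Step 1: the form post. Every field is re-validated on the server, so a
// skipped or tampered client-side chkAmount() changes nothing.
function createOrder(account, form) {
  const amountUsd = Number(form.amount);
  if (typeof form.method !== 'string' || !ALLOWED_METHODS.has(form.method)) {
    return { ok: false, error: 'unknown payment method' };
  }
  if (!ALLOWED_AMOUNTS_USD.has(amountUsd)) {
    return { ok: false, error: 'invalid amount' };
  }
  const orderId = crypto.randomUUID();
  orders.set(orderId, { account, method: form.method, amountUsd, status: 'pending' });
  return { ok: true, orderId };
}

// HMAC the payment provider is assumed to attach to its confirmation.
function sign(orderId, amountUsd) {
  return crypto.createHmac('sha256', PROVIDER_SECRET)
    .update(`${orderId}:${amountUsd}`).digest('hex');
}

// Step 2: coins are credited only on a signed provider callback that matches
// a pending order; the browser's redirect is never treated as proof of payment.
function handleProviderCallback({ orderId, amountUsd, signature }) {
  const order = orders.get(orderId);
  if (!order || order.status !== 'pending') return false;
  const expected = Buffer.from(sign(orderId, order.amountUsd), 'hex');
  const given = Buffer.from(String(signature), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  if (Number(amountUsd) !== order.amountUsd) return false;
  order.status = 'paid'; // a replayed callback finds no pending order
  const current = balances.get(order.account) || 0;
  balances.set(order.account, current + order.amountUsd * COINS_PER_USD);
  return true;
}
```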
I suggest getting no more than 5000 G Coins.
You will probably get banned if you surpass this limit.
Don’t overdo it!
Sorry about foreign language...