API tools faq
paste
MeKLiN2

cts tinychat script cosmosist stealth ad click in PM box

MeKLiN2
Mar 1st, 2022 (edited)
282
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.31 KB | None | 0 0
raw download clone embed print report
  1. MeKLiN x
  2. Tue 3/1/2022 3:20 PM
  3. detected by dr. meklin of IRONY chat, there is a certain javascript MouseDown event handler, which normal tinychat code would have only one or two functions for, to grab the pm and strip the whitespace of the private message box as it does when the pm shows its been clicked/gone/closed. For cosmosist https://greasyfork.org/en/scripts/392086-cosmosist-s-tinychat-script-cts-v1-8-50 script, there are about 4 events. firefox's f12 inspector is more complex and shows FLEX buttons above the inner div's and html code relating to private messages, and i was able to grab some code from it. i cant get it to show on ubuntu opera, though. here is a google drive of all the links it inserts into an iframe event for anyone who clicks an unread pm. https://docs.google.com/document/d/1lvhn0iR4iXvcCdB6VdcRBHk7-1c9KRmN4pDMtD1MMxs/edit . furthermore, if you !ignoreadd function of his script, it wont truly ignore, because that 'line' needs to be open to 'get' more pms, which serve as his stealth clicks activation. so you get them, but they are blank, and any messages they type in the main chat box are invisible. if it were to truly ignore, a strikeout text line would appear through their name in the chat user list, and you would not be able to get a pm, aka prime the eventlistener, which is not visible anywhere in his main code except for what the single attached image of this email is, and you can go see it yourself, its public. how it does this i have not been able to figure out, other than its stripping the accused DIV from the page and reinserting more code, maybe from another website. there are many exploitations of the webrtc i believe in play used by his script on tinychat that the tinychat does not normally allow, possibly viruses, as it does function to 'save' a file of the chat log. again this code is not in the main elements of TC and only is visible when you get a PM. Can TC change their code so this element has another name? I have already told all my friends not to use it. Can GreasyFork remove his script, or do I need to provide more evidence. simply install the script, go to a chat room on tinychat, new private window another account into the chat, and pm the account using the script, inspect to see total exploitation of our friendly userbase.
  4.  
  5.  
  6. https://www.youtube.com/watch?v=p_Kmlir3IPc
  7.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!