Tipping posts- also a stupid trick

[Kitsune]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

[Use]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

dang lol

this was my first try at finding something useful though

[Kitsune]

dang lol

this was my first try at finding something useful though

Nice try though, A for effort.
I miss gaia in the year 2003

[Use]

Nice try though, A for effort.
I miss gaia in the year 2003

because it was easier to hack? xD
or other reasons?

[Tree]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

[323]

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

[Tree]

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

The nonce isn't store in your cookies, it is generated for each page. It is account independent, you can use the nonce from the generate nonce pages I linked to, and use that nonce on any other account in any store. So with tipping, each tip has it's own nonce generated by the server. A nonce is almost definitely never account dependent. All you would have to do if you really want to make a tip bot is just make a page scraper to get the nonce value for each tip or something, there is no need to complicate something as simple as a Nonce.
I think a lot of you are thinking waaaayyy too much into this nonce thing, when it's extremely simple.

• A nonce is not stored in your cookies, it has no reason to be.
• A nonce is generated on a per page basis, and often only works on a per section basis.
• A nonce is not your session it is just a randomly generated string, sometimes using keys, such as SID, time stamps etc to generate the nonce.
• A website cannot just grab cookies from any domain the user has been to, that would be an incredible security flaw. In order to do this, you would have to find an XSS which supplies the SID in the cookies, redirect to whatever script etc you want for cookie grabbing. However this is fairly useless in most scenarios, and as I said would have no bearing on a nonce.
• Why would you go so far as to wanting to cookie grab etc just to get people to tip your posts when it'd be a million times easier just to make a bot that uses the database my account gen makes, and have each account tip your post by scraping the HTML of the page for the nonce, and posting the tip?

[323]

-snip-

Oh okay, I see what you mean. Also, random question, any idea how to go to a store by it's store #? I got an error: "Wrong store [Store: -store#-|Item: -itemID-]"

so, for example:

Wrong Store: [Store: 1|Item: 52051]

Would be for store 1 (The barton boutique) and Item # 52051, teh Easter Event 2010 Chickey.

I tried putting &store= in the URL and stuff, but that didn't work either. Any idea how to access stores by store number?

Lol just a random question.

[Tree]

Oh okay, I see what you mean. Also, random question, any idea how to go to a store by it's store #? I got an error: "Wrong store [Store: -store#-|Item: -itemID-]"

so, for example:

Wrong Store: [Store: 1|Item: 52051]

Would be for store 1 (The barton boutique) and Item # 52051, teh Easter Event 2010 Chickey.

I tried putting &store= in the URL and stuff, but that didn't work either. Any idea how to access stores by store number?

Lol just a random question.

Stores use the key parameter to determine which shop you view.

[323]

Stores use the key parameter to determine which shop you view.

I already knew that, but today I discovered that they also have a store number. I'm just not sure how to view them based on store number.