unlimitedorb

There are no invalid referers if you start on the scorchy slots game page directly. You can't just go to any old page and hit go with it. It has to be on the correct page in order to work properly, once it's on the correct page, it will automatically inherit that page as a referer. It just so happens that there is only one page that you need as a referer throughout the entire game process and since you start on that page, the referer is correct. It's almost the equivalent of refreshing the page, but can press "collect" for you as well if you win anything.

For alot of situations you have to explicitly set the referers because of the nature of the program. But using AJAX for this, you don't have to. In fact, even if you wanted to change the referer, browser security will not allow you to do so with AJAX.

I was referring to the script itself as in it's not doing anything malicious like sending cookies. It will definitely show valid referers since there is only one referer that you need, inline javascript inherits whatever page you are on as a referer when sending XMLHTTP requests, but...a broken clock is correct twice a day, in this case you were correct that it isn't safe but not for the right reason.

Completely.

The below is a javascript url (or inline javascript if you rather) that I made to autoplay scorchyslots. I don't know if it still works with the new layout, but if it doesn't it doesn't matter because a new version with some artificial intelligence will be released in my upcoming Firefox extension. Just enter it into your address bar on the scorchy slots page and press go, it should automatically start playing. I'm starting on a Firefox extension for macroing different kinds of games (and it will be updated) so stay tuned. The space in "java script" should be removed, this forum automatically inserts it as an XSS prevention measure.


java script: var ni = document.getElementById('ban'); var newdiv = document.createElement('div'); var divIdName = 'neoResponse'; newdiv.setAttribute('id',divIdName); ni.appendChild(newdiv); var XMLHttpRequestObject = false; try { XMLHttpRequest } catch (e) { alert("Could not create XMLHttpRequestObject. Please Make sure you are using Mozilla Firefox."); } XMLHttpRequestObject = new XMLHttpRequest(); function socket() { var neoCollect; var container; container = window.document.getElementById("neoResponse"); try { neoCollect = window.document.forms[0].collect.value; } catch (e) { neoCollect = false; } if (neoCollect == false) { if (XMLHttpRequestObject) { XMLHttpRequestObject.open("GET", "http://neopets.com/games/slots.phtml?hold1=&hold2=&hold3=&hold4=&play=yes", true); XMLHttpRequestObject.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); XMLHttpRequestObject.onreadystatechange = function() { if(XMLHttpRequestObject.readyState == 4 && XMLHttpRequestObject.status == 200) { container.innerHTML = XMLHttpRequestObject.responseText; }}; XMLHttpRequestObject.send(null); delete XMLHttpRequestObject; }} if(neoCollect) { if(XMLHttpRequestObject) { XMLHttpRequestObject.open("POST", "http://neopets.com/games/process_slots2.phtml", true); XMLHttpRequestObject.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); XMLHttpRequestObject.onreadystatechange = function() { if(XMLHttpRequestObject.readyState == 4 && XMLHttpRequestObject.status == 200) { container.innerHTML = XMLHttpRequestObject.responseText; }}; XMLHttpRequestObject.send("collect=true"); delete XMLHttpRequestObject; }}} function socketLoop() { setInterval("socket()", 1000); } socketLoop(); alert("AJP's Dead Player V1.02a in Progress...");

I'm not saying that they actively view that you have gone to sites that are generally frowned upon when it comes to legitimate gaming, I'm just saying is it possible that they could use this as evidence against you as a sort of deciding factor when it comes to freeze your account or not if it's being reviewed. And neopets toolbar? Is that some sort of add on?