It’s been a month since I published my last vulnerability, and IJJI has made several positive changes to their code (specifically with callback scripts).
The following posts have been patched by correctly encoding brackets and quotes, or by blacklisting non-alphanumeric characters:
- Global Pre-Download [BONUS2]
- Global Pre-Download [BONUS]
- Login Next URL
- JSON Info Callback
- BBS Forum View
- Lunia Poll Callback
- JSON Last Login Callback [BONUS] (still works on gunz.ijji.com though..)
- Gunz Poll Callback
- Huxley Poll Callback
- CRM Check Callback
- Drift City Poll Callback
- JSON Balance Callback
- JSON Gem Callback
- JSON Buddy Callback
The following post has been patched thanks to the use of the isNaN function over eval:
The following posts have been updated:
Updated the src attribute to call the event onError in Firefox 3.5.
Updated without the use of quotes.
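The kinds of fix listed above (encoding brackets and quotes, restricting callback names to alphanumeric characters, and checking numbers with isNaN instead of eval) look roughly like this on the server side of a callback script. This is an added example, not IJJI's code; every function name and sample value in it is hypothetical.

```javascript
// Added example: hardened helpers for a JSONP-style callback endpoint.
// All names and inputs are constructed; none come from IJJI's code.

// Callback names: plain identifiers only (letters, digits, underscore), bounded length.
const CALLBACK_RE = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

function safeCallbackName(name) {
  return typeof name === "string" && CALLBACK_RE.test(name) ? name : null;
}

// JSON.stringify leaves <, >, & and U+2028/U+2029 as-is; escape them so the
// payload cannot close a <script> element or break a JavaScript string literal.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Build the response body, or return null when the callback name is rejected.
function buildJsonp(callback, data) {
  const cb = safeCallbackName(callback);
  return cb === null ? null : `${cb}(${jsonForScript(data)});`;
}

// Numeric parameter without eval: check the shape first, then isNaN as a final guard.
function parseNumericParam(raw) {
  if (typeof raw !== "string" || !/^\d{1,9}$/.test(raw)) return null;
  const n = Number(raw);
  return isNaN(n) ? null : n;
}

// HTML-encode brackets and quotes for values reflected into markup.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample inputs.
console.log(buildJsonp("onBalance", { user: "a</script>b", gems: 3 }));
console.log(buildJsonp("cb)(1", { gems: 3 }));                      // null: rejected name
console.log(parseNumericParam("42"), parseNumericParam("1;x()"));   // 42 null
console.log(htmlEncode('"><b>'));
```
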
IJJI has now published Holybeast Online, and begun the open-beta for Soul of the Ultimate Nation (S.U.N). They’ve also pushed their new launcher, Reactor, an extended web-wrapper for organising installed games. Steam anyone?
I’ve updated the categories for now, but I expect them to become outdated as this blog is forgotten.
Oh, one last thing: Pre-Game Start