  • June 23, 2026, 3:37 p.m.

How KapitanLevan played CodeCombat

A few years ago, I used to record walkthroughs of educational coding games on this YouTube channel:
Random Coder

My favorite game was CodeCombat:
https://codecombat.com

What makes it great is that you don't just solve programming puzzles; you control a hero who completes various missions and fights wicked orcs ⚔️

After beating the game a couple of times, I got bored and decided to look for some bugs in it.

The game itself is structured like this:
• open-source frontend built with CoffeeScript
• closed-source backend

I managed to find a few amusing vulnerabilities (there are videos about them on the YouTube channel):

1. IDOR
You can access any level, even locked ones, simply by entering its URL in the address bar:
https://youtube.com

2. You can equip any item from the shop without purchasing it
I don't know the exact name for this vulnerability (CSS tampering) 😄
https://youtube.com

3. Code Injection
It was possible to get secret items that are only available to developers:
https://youtube.com

All posts and stories can also be found in the Telegram channel Adventures in IT