Some super simple exploits in a browser game that I documented–like I’m pretending to be a security researcher or something.
File: Some Security Stuff About Mythea (PDF)
tl;dr An online browser game has vulnerabilities. I show how to exploit them and suggest changes to avoid them. The exploits aren’t really sophisticated or unique, but I used this as a writing exercise and (as a player of the game) hoped the author would fix the issues if they were more public.
Mythea is webbrowser-based game where you manage a medieval kingdom, cooperating and competing with other players in a fantasy setting. For the time that I played the game, I found that there was an unsatisfactory amount of development attention directed at the quality of the system that ran the game. I spent some time to discover and document a small number of problems, demonstrated attacks that used them and tried to show how things could be done differently to avoid the problems.
I had seen security research papers done in a very professional looking format where they point out exactly what exploits were possible in a system, how they worked, and how they could be prevented. This paper tries to mimic that but in a much more amateur capacity and context.
In early 2014, I gave the site administrator a copy of my paper so that they could benefit from it.
In 2017, someone contacted me about it. He used the vulnerabilities to create a bridge between the game and the discord channel for his group. The API changed a bit so we found some attacks didn’t work and discovered new ones.