Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

MonkeyType Vulnerabilities - 603

Tyler Butler - Obsrva (posted 4 years ago)
  • MonkeyType.com is a popular open source type testing application with over 100K unique daily users. As a result, vulnerabilities on this are quite impactful!
  • The first vulnerability was stored XSS in the chat functionality. Neither the message nor the name parameter is sanitized on the backend; they are only sanitized on the frontend before being sent to the backend. As a result, XSS is fairly trivial to perform and can be used to steal auth tokens and take over the account.
  • The second vulnerability is a user spoofing issue. When sending messages to other users over the web socket, the user field is a client-controllable parameter. Hence, this value can be set to change the display name of the sender, which should not be possible.
  • The final vulnerability is an authorization issue on the leaderboards. When somebody obtains a high score, they should be able to submit it to the leaderboards. However, the requests that change the leaderboard are made entirely from the client side. As a result, arbitrary high scores with arbitrary usernames can be placed on the leaderboard. Clearly, this is a problem.
  • The last two findings are cases of the application not validating the content the client sends, and of how dangerous that is. The features themselves are intended, but they are abused to impersonate other users and alter the scoreboard. Overall, good findings!
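The server-side counterpart to the three findings above, as an added example that is not MonkeyType's code: the display name and the leaderboard entry are derived from the authenticated session and a server-recorded result rather than from the websocket payload, and the chat message is escaped on the server instead of only in the client. `sessions`, `results`, `handleChat` and `submitLeaderboard` are constructed names for this illustration.

```javascript
// Added illustration (not MonkeyType's code): server-side handling that does
// not trust client-supplied name, message or score fields.
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ({
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
})[c]);

// Constructed session store: the display name comes from the authenticated
// session, never from the websocket payload.
const sessions = new Map([['tok-alice', { id: 1, name: 'alice' }]]);
// Constructed store of typing results the server itself recorded and verified.
const results = new Map([[1, { wpm: 120, verified: true }]]);

const MAX_MSG = 280;

// Chat handler: authenticate, validate the message, ignore payload.name.
function handleChat(authToken, payload) {
  const user = sessions.get(authToken);
  if (!user) return { ok: false, error: 'unauthenticated' };
  if (typeof payload.message !== 'string' || payload.message.length > MAX_MSG) {
    return { ok: false, error: 'invalid message' };
  }
  // Escape on the server; frontend-only sanitization is bypassable.
  return { ok: true, name: user.name, message: escapeHtml(payload.message) };
}

// Leaderboard handler: publish only a server-recorded, verified result; the
// username and wpm claimed in the payload are never used.
function submitLeaderboard(authToken, payload) {
  const user = sessions.get(authToken);
  if (!user) return { ok: false, error: 'unauthenticated' };
  const recorded = results.get(user.id);
  if (!recorded || !recorded.verified) {
    return { ok: false, error: 'no verified result' };
  }
  return { ok: true, entry: { name: user.name, wpm: recorded.wpm } };
}
```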