Cracking a Microsoft contest or why Silverlight-WCF security is import

added by sandrino
12/23/2010 2:44:18 AM

Now there I was playing the game while I was debugging an application with Fiddler when I noticed something... the Silverlight application was communicating with a WCF service. Nothing special here, were it not for the fact that after some time I was able to access the list of all high scores, insert my own high score (which could make me win a Windows Phone or a laptop), ... After doing a few tests I notified Microsoft Belgium, but I guess someone already took advantage of this 'exploit'. The top score is someone who solved the puzzle in a little over 2 sec... sure! Even if you tweak your mouse and have loads of luck, it's not possible to drag the 4 balls that quickly. But this is as much the fault of the people who cheated as it is the fault of the people who created this game.