> Help,
>
> Last week we launched a new online game, people seem to want the
> free trip... they have successfully hacked it.
>
> It's a ColdFusion/SQL7 driven site with the game in Flash. CF and Flash
> send security and score information back and forth.
>
> Somehow, despite not being able to play more than once, and if they do the
> player's score doesn't increase until the next day. People are running up
> really high scores, like a million points when the highest possible cum for
> the contest until today is 500.
>
> Please take a moment and see if you can run up a score and if so, how.
>
> I'm on a few hours sleep this week on another deadline, so if this email
> isn't clear please let me know. Otherwise have fun.
>
> http://www.lossimpson.com Click on the Bart Bowl game.

Don't have time right now, but, as an example, a few years ago I hacked the TV
show The Profiler's special online game about Jack the serial killer.

You were supposed to find 9(?) items scattered about the site. Of course
they kept score client side via cookies. I simply went into Netscape's
cookie.txt file, and found the variables their site was creating. It was
_instantly_ obvious to me they were bit encoding the items, so changed the
number's boolean flags to give me everything and saved the cookie.txt.
Started the browser up.

I won. Think I was second there. (Made me feel... like a predatory serial
killer, oddly enough. ;-)

Point is, are you saving _ANY_ info client side? If it's anything beyond a
simple unique session id, you're going to be hacked.

--min

>
> Thanks much,
>
> Rick
>
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
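
The contrast drawn in the reply above, as an added example that is not part of the original thread or either site's code: a bit-field cookie that the server trusts, next to a design where the cookie holds only a random session id and the score lives on the server. All names, the 9-bit field width and the per-play cap of 100 are assumptions made for illustration.

```python
import secrets

ITEM_BITS = 9  # constructed: one flag per collectible item


def items_found_from_cookie(cookie_value: str) -> int:
    """Weak pattern: progress is whatever the client-held bit field says."""
    return bin(int(cookie_value) & ((1 << ITEM_BITS) - 1)).count("1")


class GameServer:
    """Hardened pattern: the cookie carries only a random session id."""

    def __init__(self, max_points_per_play: int):
        self.max_points_per_play = max_points_per_play
        self._sessions = {}  # session id -> server-held state

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable, carries no meaning
        self._sessions[sid] = {"score": 0, "last_play_day": None}
        return sid

    def submit_play(self, sid: str, points: int, day: str) -> int:
        state = self._sessions.get(sid)
        if state is None:
            raise PermissionError("unknown session")
        if state["last_play_day"] == day:
            raise PermissionError("already played today")
        # The client still reports points, so bound them to what one play can
        # yield; this caps a forged value but cannot prove the play was real.
        if type(points) is not int or not 0 <= points <= self.max_points_per_play:
            raise ValueError("score outside the possible range")
        state["score"] += points
        state["last_play_day"] = day
        return state["score"]

    def score(self, sid: str) -> int:
        return self._sessions[sid]["score"]
```

With the weak function, any value the browser sends is accepted as progress; with `GameServer`, an edited cookie is just an unknown session id and an out-of-range score is rejected before it touches the stored total.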