|
Post by Joe Dawn on Jun 23, 2022 11:06:58 GMT 1
KoGaMa Profile: www.kogama.com/profile/25402521/
Web Browser: Chrome
Client: WebGL
Steps to Reproduce:
> Click a game from kogama.com
> Wait for the page to load.
> Refresh the page.
Results:
> Each time you refresh the page, it gives you 1+ visit, which can be easily exploited through http:// requests
|
|
|
Post by Daniel W on Jun 23, 2022 13:37:45 GMT 1
Hi Joe Dawn
The counter goes up every time you enter a game, right, not just when you visit the page? Also, could you explain the "http:// requests", since I am not familiar with this or how this can be exploited using it?
|
|
|
Post by Joe Dawn on Jun 23, 2022 14:29:51 GMT 1
> Hi Joe Dawn
> The counter goes up every time you enter a game, right, not just when you visit the page? Also, could you explain the "http:// requests", since I am not familiar with this or how this can be exploited using it?
It will be immediately attributed when you launch the standalone, not when you enter the game. You can pull a "post" request with fetch or any of those endpoint requests, it's for grab/send data.
// ObjectID = GameID, you can change the ID of the game down below.
setInterval(() => {
  fetch("https://www.kogama.com/locator/session/?objectID=10215154&profileID=0&lang=en_US&type=play", {
    method: "POST"
  });
}, 300);
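One way the server side could keep replayed session requests from inflating the visit count, as an added example that is not part of this thread or KoGaMa's code: count at most one visit per client and game within a cooldown window, and cap session requests per client. The class, method names, client key and thresholds are assumptions.

```javascript
// Added example: server-side visit counting with a per-client cooldown.
// All names (VisitCounter, recordPlay, clientKey) and limits are hypothetical.
class VisitCounter {
  constructor({ cooldownMs = 30 * 60 * 1000, maxPerMinute = 10 } = {}) {
    this.cooldownMs = cooldownMs;     // one counted visit per client+game per window
    this.maxPerMinute = maxPerMinute; // cap on session requests per client
    this.visits = new Map();          // objectID -> visit count
    this.lastCounted = new Map();     // `${clientKey}:${objectID}` -> timestamp (ms)
    this.recent = new Map();          // clientKey -> request timestamps, last minute
  }

  // clientKey: account id when logged in, otherwise e.g. the IP address (assumption).
  recordPlay(objectID, clientKey, now = Date.now()) {
    const stamps = (this.recent.get(clientKey) || []).filter(t => now - t < 60000);
    stamps.push(now);
    this.recent.set(clientKey, stamps);
    if (stamps.length > this.maxPerMinute) {
      return { counted: false, reason: "rate_limited" };
    }
    const key = `${clientKey}:${objectID}`;
    const last = this.lastCounted.get(key);
    if (last !== undefined && now - last < this.cooldownMs) {
      return { counted: false, reason: "cooldown" };
    }
    this.lastCounted.set(key, now);
    this.visits.set(objectID, (this.visits.get(objectID) || 0) + 1);
    return { counted: true, reason: "ok" };
  }

  count(objectID) {
    return this.visits.get(objectID) || 0;
  }
}

// Constructed replay of the reported pattern: one client requesting a session
// for the same game every 300 ms for one minute (200 requests).
function simulateReplay(counter, objectID, clientKey, start = 0) {
  const outcomes = { ok: 0, cooldown: 0, rate_limited: 0 };
  for (let t = 0; t < 60000; t += 300) {
    outcomes[counter.recordPlay(objectID, clientKey, start + t).reason]++;
  }
  return outcomes;
}
```
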
|
|
|
Post by Daniel W on Jun 28, 2022 15:52:26 GMT 1
Hi Joe Dawn
I have asked someone who knows more about this than I do and I am waiting for an answer. I will answer you here as fast as possible.
|
|
|
Post by Daniel W on Jun 29, 2022 16:11:22 GMT 1
Hi Joe Dawn
I talked to our developer and he is actually looking at this exact issue. Your report helped him figure it out, so thank you for that. You will of course be rewarded for this.
Do you want to be rewarded on the linked profile though? I checked our system and the profile is expelled from the site.
|
|
|
Post by Joe Dawn on Jun 29, 2022 23:43:44 GMT 1
Hi Daniel W
I'm glad that I could help!! When you already ask me in that way, can I then get unbanned from Kogama instead?
|
|
|
Post by Daniel W on Jun 30, 2022 8:06:56 GMT 1
Hi Joe Dawn
Unfortunately, I am not allowed to unban you, and I think that even if you write to support there is a very small chance that you will get the account back. You can always try though.
|
|
|
Post by Joe Dawn on Jun 30, 2022 9:36:21 GMT 1
Hi Daniel W
Okay! Thanks very much for your fast response, and I will definitely have to find a way, even if it may take months. The followed reward you can give on my linked profile, thanks. And btw, if the developer searches for more vulnerabilities, he can always write a direct message on Discord, and he should never wait too long, otherwise the problem will increase. - wise words from JoeDawn.
Discord: JoeDawn#4188
|
|
|
Post by Daniel W on Jun 30, 2022 19:43:47 GMT 1
Hi Joe Dawn
I will reward you on the profile then. Have a nice day.
|
|
|
Post by Daniel W on Jun 30, 2022 19:45:07 GMT 1
Thanks for reporting this issue, I've added it to our bug tracker.
You've been awarded 200 gold, 1 successful bug report, and the tester badge.
Base reward: 40 gold, 40 gold for a high-quality bug report, and 1 successful bug report
1st report: +120 gold, +tester badge
|
|