How to cheat fun-with-words.com

My mother loves to play Boggle. I see her play the same Boggle game online every day for hours at a time. The site of choice is http://www.fun-with-words.com

While playing some games I came across a little something when you submit your score. It looked too good to be true:

See it? The score is stored locally in a variable inside a hidden form field. By the way, I’m using the Web Dev Firefox extension to show all form field information.

What if we change this value to the high score?

Let’s see what happens…

That’s right. No validation. It takes our high score without any questions. How can this be prevented? For one thing, by not storing the score in a hidden form field. I see a lot of Flash games that just send POST data of high scores as plain text. This can be mimicked with any programming language capable of producing an HTTP request. The only way to defeat this would be some sort of hash value sent alongside the answers that verifies the variables haven’t been modified.
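One way to build the integrity check described above, as an added example that is not code from fun-with-words.com: the server tags the score with a keyed hash (HMAC-SHA256) when it renders the form and re-checks the tag on submit. The field names `session`, `score` and `tag`, the function names, and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: this key exists only on the server and is never sent to the browser.
# An unkeyed hash would not help, because the client could simply recompute it.
SERVER_KEY = secrets.token_bytes(32)


def sign_score(session_id: str, score: int, key: bytes = SERVER_KEY) -> str:
    """Return a hex HMAC-SHA256 tag binding the score to one game session."""
    # The length prefix keeps the encoding unambiguous whatever the session id contains.
    msg = f"{len(session_id)}:{session_id}:{score}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(session_id: str, score: int) -> dict:
    """Values the server would place in the hidden form fields (hypothetical names)."""
    return {"session": session_id, "score": str(score),
            "tag": sign_score(session_id, score)}


def accept_submission(form: dict) -> bool:
    """Server-side check on POST: reject any field that was changed in the browser."""
    try:
        score = int(form["score"])
        expected = sign_score(form["session"], score)
        # Constant-time comparison avoids leaking how many tag characters matched.
        return hmac.compare_digest(expected, form["tag"])
    except (KeyError, ValueError, TypeError):
        return False  # missing or malformed field


if __name__ == "__main__":
    form = render_hidden_fields("game-1001", 37)   # constructed sample values
    print("untouched form:", accept_submission(form))
    edited = dict(form, score="9999")              # hidden field edited client-side
    print("edited score:  ", accept_submission(edited))
    moved = dict(form, session="game-1002")        # tag copied to another session
    print("other session: ", accept_submission(moved))
```

A tag like this only protects a value the server issued; if the browser itself computes the score, the key cannot be shipped to it, and the server has to recompute the score from the submitted words instead.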

 

It’s a slow night when it comes down to cheating at word games 😛