Earlier today, a way to exploit ITH puzzles and solve any puzzle without effort was passed around. It's already being used on forum puzzles. I sent Jexel an email about it, but until he comes online and figures out a solution, it's recommended that you don't create any ITH puzzles for the forum. If you have a current one running, you may want to cancel it.

EDIT: Thanks Jexel for the fast response! Leaving this open, as anyone who had a puzzle running might have had it compromised and needs to know.

10 years ago*


Deleted

This comment was deleted 3 years ago.

10 years ago

Jexel ran a massive group puzzle earlier this year so I think he still comes by ;)

10 years ago

Shouldn't it be enough to remove the results? And once the exploit is fixed, put them back in.

10 years ago

One has to have an account there. Not every user creates puzzles using their account.

10 years ago

Thanks for the warning Bobo!

10 years ago

Thanks for the heads up. Free Bump to spread awareness.

10 years ago

Got it. Thanks!
Edit: Welp. That was fast.

10 years ago

I feel like this should be stickied, at least until the problem is fixed.

10 years ago

It's already fixed n.n

10 years ago

It's fixed. Thanks for the heads up Bobo!

10 years ago

Thanks Jex! :>

10 years ago

That was quick... Thanks for fixing it!

10 years ago

Hey Jexel...make the next ITH theme about me ok?

10 years ago

I've witnessed the thread where all this started. I've checked back 10 minutes after the thread was made, it was closed and the guy not suspended...it usually took like 0.0001 seconds for the staff members to suspend me for speaking my mind but it seems like they don't feel this was a worse breaking of the rules than what I did...

10 years ago

Deleted

This comment was deleted 6 years ago.

10 years ago

well, MAYBE it's because what you say in topics you get suspended for is usually strictly against SG rules, while atm ITH is not part of SG network, so person posting it may have no means to know it's not allowed?

I mean honestly - you compare a random user reporting random exploit in random site that is not part of the network to for example your topic where you falsely call out a bunch of network users and you think it's the same thing?

10 years ago

^

10 years ago

Also, surely it wasn't happenstance that a mod saw his report first and was able to act on it or anything. NOPE, it's a site conspiracy I tell ya.

10 years ago

I always love to know how these vulnerabilities got used, when they fix it can someone show, or explain how it worked?

10 years ago

+1 since it's already fixed, is it possible someone can explain how the exploit was done?

10 years ago

.

10 years ago

So what was the exploit?

10 years ago

I never really knew Jexel was the genius behind itstoohard... O_o

10 years ago

Closed 9 years ago by bobofatt.