
On Aug 16, 2025, at 14:29, Dan Mahoney <danm@prime.gushi.org> wrote:
*sigh*
Short answer: OP did not put a game on the internet, they put a poorly coded CTF sandbox that does no input verification (doesn’t check referrers, doesn’t look at the http user-agent, doesn’t require login, doesn’t check cookies, doesn’t have a nonce in the form that’s checked) and invites people to gamify it, and even now seems not to understand the problem and why this is an issue. A few bored developers who understand HTTP and HTML forms way better than OP found it, and OP is inviting more people to do the same things rather than fixing his “game”.
One important edit to this: I did not mean to misgender or mispronoun, I meant to use more neutral terms and missed the possessive at the end. If I did, I apologize. -Dan