nathanielbd
commented
4 years ago An even more problematic console exploit is setting that user's id to a certain string so that they get escalated to ninja privileges. This is pretty easily done in the console with the id being global.
There are also other exploits like the function for changing the question (and thereby revealing the answer) are global, but they are obfuscated. I'm deliberately being vague, but either way the system is vulnerable to cheaters without much effort.
I'd also be interested in contributing if you are open to pull requests.
AKushWarrior
The answers to questions can be accessed through the javascript console, for example
Will show the answer in the console. Users are able to take advantage of this by buzzing immediately or after 1-2 words have been read. They can also circumvent the ban hammer by stealing 4-5 questions, waiting for a while, and repeating. Furthermore, even if they are successfully banned, they can simply get back in using a VPN or something and continue disrupting the experience for others.
Today was the second time I have encountered such a kind of cheater, so I was curious to see how they did it. I found the above trick almost immediately, and I wouldn't be surprised if there were other ways to exploit the console.
Some suggestions:
Are you open to pull requests? I'd be interested in trying to contribute. Otherwise, I just wanted to make you aware of this small little exploit so you can resolve it on your own time if you wish.
Also, I just wanted to say thank you for your work. Protobowl is super fun and a nice tool for reviewing and staying sharp on things. I highly appreciate it!