How I turned Membership into a Paycheck
The author describes how he exploited a flaw in the Chess.com app: while solving puzzles he recorded the correct moves and reused them to complete different challenges. In this way he reached the leaderboard and exposed a mechanism in the app that does not send move data to the server promptly. 2025-11-9 09:19:55 Author: infosecwriteups.com (view original) Views: 35

StvRoot

Welcome Back Hunters!

In my previous story I shared how I got my first bounty (membership) from chess.com and if you haven’t read that already I will drop it below towards the end.

Free Link for friends


Photo by Growtika on Unsplash

Since I got the membership, I can fully test all the features without any restrictions, and by doing so I ended up on the leaderboard.


All the puzzles are rated low and I didn’t even solve one

What was the app doing that I exploited?

When solving puzzles in any format (survival, 3 minutes or 5 minutes), the moves you make are not sent to the server right away!

When you lose after 3 strikes, all your moves are then sent in a single API call.


The catch is the challenge ID. Every format has one, and if we capture a game with the correct moves and use them later with a different challengeID we can…
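The weakness above is that the server credits a batch of moves without checking them against the puzzle the challenge ID actually refers to. Below is an added example (not Chess.com's code) of the server-side check that closes it: each submitted move list is compared with the stored solution for its own challenge ID, and a challenge is credited at most once per session. Puzzle IDs, solutions in SAN notation and the single-solution assumption are constructed for the example.

```python
from typing import Dict, List, Tuple

# Constructed sample puzzle bank: challenge id -> expected solution moves (SAN).
# Assumption: each puzzle has exactly one accepted solution line.
PUZZLES: Dict[str, List[str]] = {
    "ch-1001": ["Qh5+", "Kg8", "Qxf7#"],
    "ch-1002": ["Nf6+", "Kh8", "Qg8#"],
}


def validate_submission(challenge_id: str, moves: List[str],
                        puzzles: Dict[str, List[str]] = PUZZLES) -> Tuple[bool, str]:
    """Server-side check of a move batch submitted for one challenge.

    The moves are compared against the solution stored for *this* challenge id,
    so a move list captured from a different puzzle is rejected even though it
    was a correct solution somewhere else."""
    solution = puzzles.get(challenge_id)
    if solution is None:
        return False, "unknown challenge id"
    if len(moves) != len(solution):
        return False, "move count mismatch"
    # Compare move by move so the first wrong move is reported.
    for index, (got, expected) in enumerate(zip(moves, solution)):
        if got != expected:
            return False, f"move {index + 1} does not solve this challenge"
    return True, "solved"


class PuzzleRushSession:
    """Tracks score and strikes for one player's run, crediting each
    challenge id only once even if the same batch is sent again."""

    def __init__(self, puzzles: Dict[str, List[str]] = PUZZLES) -> None:
        self.puzzles = puzzles
        self.solved = set()
        self.score = 0
        self.strikes = 0

    def submit(self, challenge_id: str, moves: List[str]) -> Tuple[bool, str]:
        if challenge_id in self.solved:
            return False, "already credited"
        accepted, reason = validate_submission(challenge_id, moves, self.puzzles)
        if accepted:
            self.solved.add(challenge_id)
            self.score += 1
        else:
            self.strikes += 1
        return accepted, reason
```

A further hardening, not shown, is to validate each move as it is played rather than accepting the whole batch after the run ends.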


Source: https://infosecwriteups.com/how-i-turned-membership-into-a-paycheck-a4e90afac2cc?source=rss----7b722bfd1b8d---4