0day RCE in open source browsergame

Hi everyone! I ended up doing some cyber security research in TravianZ, which is an open source clone of an older game called Travian. I ended up finding all sorts of fun vulnerabilities and was able to find a 0day RCE.

The vulnerabilities are a bit more complex and I tried to explain them as well as I could. I would absolutely love feedback on my blog post to see where I can improve my writing skills! If anything is unclear please feel free to ask. I tried to make my blog post accessible to beginners, so if anything is unclear I will do my best to clarify! :slight_smile:

I hope you enjoy the read and learn something! :smiley:


it is too hard to find 0days or what is the process from how to find this…

The idea of a 0day is just a security vulnerability with no patch yet available, which all security vulnerabilities were at some point. So it’s not really difficult to find a 0day but a 0day RCE with no user input is usually a bit more difficult to find. Personally I just wanted to explore this application and see what I could find and ended up finding some cool stuff. There’s a lot of other projects I’ve looked into with no such interesting findings.

Good stuff bro awesome article

1 Like

Nice topic bro keep it up :laughing:

1 Like

Thank you very much @rdpfreak0 and @Lorakai!

This topic was automatically closed after 121 days. New replies are no longer allowed.