Rating:
A service with multiple backends. It has two vulnerabilities: a crypto vulnerability, as the crypto was implemented with magenta crypto. The second vulnerability is in holiday, in the file parsing: while the whole system supports multibyte characters, this backend reads data from file byte by byte, allowing the injection of forbidden characters, such as \n and |. This coupled with two loose parsers enables the attacker to impersonate any user, and as a consequence get the task descriptions of the game server. For a detailed walkthrough and samples exploits, checkout the original writeup.
