TimeType is a typing test with replay functionality. Users can test their typing speed and accuracy and replay their typing sessions.
For more detailed documentation see: docs
- Typing Test: Measure your typing speed and accuracy.
- Replay Functionality: Review and analyze your typing sessions.
- Custom Text Upload: Upload your own text to create personalized typing tests.
- Explore Different Eras: Travel through various historical periods, each featuring unique texts that reflect the language and style of their time.
- Multiplayer: Play against your friends.
- Functionality: Stores and manages typing session replays.
- Vulnerability:
  - Insecure UUID Generation:
    Uses `System.Random` (which relies on `splitmix`) for UUID generation.
    `System.Random` is not cryptographically secure. This allows attackers to predict UUIDs, leading to unauthorized access to other users' replays.
- Functionality: Allows users to upload custom texts.
- Vulnerability:
  - Path Traversal:
    Due to missing sanitization of slashes, a logic flaw, and unexpected behavior of `</>`, attackers can upload files with names like `//data/uploads/<username>/<filename>` to access other people's texts.
- Functionality: Users can create private, password-protected lobbies.
- Vulnerability:
  - Missing auth check:
    The HTTP endpoint checks whether the user has the auth session cookies needed to join the lobby, but the WS endpoint is missing these checks.
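
For the path traversal in the custom text upload: `</>` from `System.FilePath` returns its right operand unchanged when that operand is absolute, so joining a base directory with an unchecked file name does not keep the result under the base. The following is an added example, not TimeType's own code. `uploadRoot`, `validComponent` and `safeUploadPath` are hypothetical names, and the sample file name is constructed from the pattern given above.

```haskell
module Main (main) where

import System.FilePath (isAbsolute, isPathSeparator, (</>))

-- Hypothetical upload root, taken from the path pattern in the write-up.
uploadRoot :: FilePath
uploadRoot = "/data/uploads"

-- A path component is acceptable only if it cannot change directory:
-- non-empty, not "." or "..", and free of path separators and NUL bytes.
validComponent :: String -> Bool
validComponent s =
  not (null s)
    && s `notElem` [".", ".."]
    && not (any isPathSeparator s)
    && '\0' `notElem` s

-- Build the storage path, or Nothing if the user name or file name is unsafe.
-- Both parts are validated before (</>) ever sees them.
safeUploadPath :: String -> String -> Maybe FilePath
safeUploadPath user name
  | validComponent user && validComponent name =
      Just (uploadRoot </> user </> name)
  | otherwise = Nothing

main :: IO ()
main = do
  -- Constructed input following the file name pattern from the write-up.
  let hostile = "//data/uploads/bob/notes.txt"

  -- The name counts as absolute, so a naive join drops the base directory
  -- and the uploader's own folder.
  putStrLn ("absolute name?   " ++ show (isAbsolute hostile))
  putStrLn ("naive join:      " ++ (uploadRoot </> "alice" </> hostile))

  -- The validated join rejects the hostile name and accepts a plain one.
  putStrLn ("validated bad:   " ++ show (safeUploadPath "alice" hostile))
  putStrLn ("validated good:  " ++ show (safeUploadPath "alice" "notes.txt"))
```

Validating each component before joining avoids relying on any post-hoc normalisation of the joined path.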