Munity is a game where you can test yourself on things related to an artist.
This game gets the song and album names from Spotify, and then gets lyrics from Genius.com.
You can play it without signing up, but if you sign up, you can see your highest scores in each game and can have XP and money.
Currently, you can test yourself on an artist's song lyrics and album covers.
Thanks to @dillonb07 for the help with the logos!
Play it here: https://munity.vulcanwm.repl.co
Have fun playing it!!!
Top comments (4)
Hi so thanks for commenting about the corner shop that was cool, I was curious what you make so I found this, for fun, I spent a little time trying to inject an XSS attack into this leaderboard page, good job on the username policy, no special characters and must be short, I could not inject a script. I probably couldn't with encoding tricks either or mount an stack on your database π₯³
It's 1:41am and I have to sit in my son's room waiting for him to sleep, nothing else to do π
Hey, thanks for checking out this project! I have no idea how XSS attacks work but Iβm glad Munity has great security lmao.
Damn ur son sleeps late, how old is he?
His autistic π¦
So the basic idea of XSS is to inject a script tag at any place a user can edit the value of the page, in your case, the leaderboard is a security risk because usernames are displayed, so if my username is set to
Your database then saves my malicious script and when any user goes to the leaderboard, then the script is rendered to the page instead of a username, well kind of, it's the username anyway... The alert fires off "attack".
So why is that dangerous?
If you can get a script in, you can change all the links to go to similarly styled malicious pages, or even do a post to a malicious server and execute something nasty.
Oh really? My brotherβs autistic too.
Oh okay, thanks for the explanation.
Makes much more sense now