by Chloe, October 14, 2024
So, a few months ago, my friends told me to get on this game, "Redmatch 2". Sure, it was free on Steam. Why not? And after a bit of playing... I notice it has this skin system. You can have your own images as a skin in the game! Awesome, right? I decided to mess around with it. It didn't let you add images from anything other than Imgur and... imgbb?
Okay then. If I remember correctly Imgur didn't like large images, so I tried uploading a 15000x15000 image to ImgBB... and it worked!
Well, shit is about to get serious. I went into Task Manger after starting a private match, and...
Oh. Oh boy.
I then spun up a VM with 4GB of RAM and 2 cores (probably representing 50% of Redmatch's playerbase...)
It's only gonna be hell from here.
I found the dev in Redmatch's Discord server, and I sent a DM to him, trying to disclose the exploit responsibly.
And then, after a while, he responded:
Okay, at least tell me when you'll patch it?
Duuude...
After a while, I decide to publish this exploit publically. I tried responsibly disclosing it. And I failed.
Hope you enjoyed reading this. :P