Summary

The dreamhack is a security education program managed by Theori. In dreamhack, Users can solve wargame challenges and write solutions. At this time, the user can write the solution for a fee/free of charge.

I found a vulnerability that could leak all of DreamHack’s Wargame Write Up using a simple IDOR. Unfortunately, I didn’t leak all Write Ups using that vulnerability.

Reporting Timeline

• 2022-04-04 15h 28m : Reported this issue via the patchday
• 2022-04-28 01h 37m : Status changed to new by patchday
• 2022-05-06 18h 01m : Status changed to classified by saika
• 2022-05-06 18h 13m : Status changed to fixed by saika
• 2022-05-06 18h 13m : Vulnerability score changed 3pts to 6pts by saika
• 2022-05-06 18h 13m : Bounty was set at 500,000 won by saika
• 2022-05-06 18h 14m : Status changed to payment in progress by saika

Reference

• Report