Javascript exploit for a timer

Ok so here it goes… I am doing an online cyber security competition where you have to answer questions within the alotted time. they rank based on your score first and then how long it took you to complete the quiz. I have completed my first two times and got a score of an 80 with a time of just over 3 hours and then took it a second time and got 90 in just over an hour. When I look at the leaderboard there are multiple scores of 100’s, 90’s and even 80s with submission times of 1 sec, 3 sec, 1 min, 5 mins, etc. When I questioned the people in charge they said the only rule was not sharing answers. The rules dont say that you can write a script to solve a problem. My thing was the submission time wasnt a problem to solve but apparently you can change your time. I have seen this done in seminars I’ve taken where we play our own CTF type event but have no idea where to start. So my question is what exactly are they exploiting to change their submissions times from whatever it really is to something else? And how exactly are they doing it?

@krypt0 Some reading and study on time stamps and packet forging will give you a better idea. Are the questions all on one page? Use burp suite.

1 Like

No… They are on like 3 pages… Someone had mentioned to me about creating a custom POST request changing the time but i’m not sure exactly on the proper way to do that…