SoylentNews

takyon [soylentnews.org] writes:

A teenager found a flaw in Valve's Steam game approval process [theregister.co.uk], and used it to publish an unapproved game about a familiar subject [soylentnews.org]:

A 16-year-old lad in Manchester, England, exploited flaws in Valve's developer site to publish on Steam an unapproved game about watching paint dry. Ruby Nealon, a computer science student at Salford uni, said a set of programming blunders in the Steamworks website let him sneak his Watch Paint Dry roleplaying game [medium.com] past Valve's censors and onto gaming store Steam without their approval. "The Steam store had a game posted to it on Sunday called Watch Paint Dry that was never reviewed by anyone at Valve," Nealon told El Reg. "I published it after they ignored several reports of the vulnerabilities."

Nealon first managed to blag an account on Steamworks, Valve's developer platform, and created some basic in-game trading cards. He then fiddled with the HTML form data sent to Valve's servers to trick the system into thinking they had been approved by a Valve editor. He basically changed his user ID number in a form element from his own to a Valve employee's and then changed the approved state to accepted, and submitted it. Bingo, that worked.

Here is a Reddit IAmA [reddit.com] about it.

Original Submission