MovieStar Planet 2

MovieStarPlanet 2 is a social fashion game available on mobile (iOS and Android) and browser platforms. Designed for younger audiences, the platform enables users to chat, share content, customize avatars, and decorate virtual homes.

With social features and cross-platform access, the attack surface included:

• Account and session management
• Business logic handling
• Access control enforcement
• Client-side and browser-based vulnerabilities
• Availability risks (DoS threats)

Given its audience and social nature, security vulnerabilities could impact user safety, platform integrity, and brand reputation.

The development team required structured penetration testing to identify weaknesses before malicious actors could exploit them.

Cyrex conducted comprehensive grey box penetration testing over a two-week period, covering both mobile and browser environments.

The engagement evaluated application logic and exposed endpoints across:

• iOS and Android applications
• Modern browser-based platform

Our testing included detection of:

• Business logic flaws
• Access control vulnerabilities
• Session management weaknesses
• HTML injection issues
• Denial of service threats
• Open redirection vulnerabilities
• Frame injection points

We assessed whether server-side validation and session controls properly enforced user permissions and prevented manipulation.

During the engagement, Cyrex identified nearly forty security flaws, with sixteen deemed critical by the development team.

We delivered:

• A comprehensive security report
• Clear descriptions of exploit scenarios
• Practical remediation guidance aligned with best practices

The development team secured the vulnerabilities within weeks following our recommendations.