today at school, my teacher decided to open up a quizizz. it seems that quizizz had added a new reactions feature!

obviously being the terrible kid i am, i wanted to know how these reactions worked so i could spam them relentlessly. so i went ahead and clicked on one of them, then checked the network tab.

looks like they send a http request to send a reaction. this looks easily abusable, lets copy that as a fetch request.

i went ahead and wrote a quick for loop with the fetch request inside

for(let i = 0; i < 100; i++) {
   // fetch request goes here
}

let it rip! the best part about this is that a sound played for every single one of these reactions, and i sent so many that audio just stopped playing. it was really funny.

while reproducing this for the blog post, i realized that you can spoof the player id, so you can use any name you want.

moral of the story: remember to use rate limits to stop kids like me from potentially crashing the teacher's computer (and possibly the entire school's wifi)