Comment 2 for bug 685940

Vlad Dragu (vlad-dragu) wrote :

It all starts in the hackit.js file.
On lines 692 and 724 I call the function notify_mission with the param hack_fail and hack_success respectively.
In the function (declaration starts on line 299) I split that param into the action "hack" and the result "success" or "fail", which I send through the POST AJAX call.
Those vars I use in the mission.

I assume that someone could forge the request and send a different hack result. But he will have to know the exact composition of parameters to send and know exactly what the code looks like in order to be able to exploit it.
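
The request described in this comment, as an added example that is not part of the original comment or the project's code: a server-side handler that treats the posted result as a claim and recomputes the outcome from state the server holds. Apart from the hack_success / hack_fail values and the action/result split, every name here (attempts, attemptId, answer, handleNotify) is an assumption.

```javascript
// Added example: every name here is hypothetical except the "hack_success" /
// "hack_fail" values and the action/result split described in the comment.

// Constructed server-side state: attempts the server itself opened, with the
// answer it expects. The client only ever learns the attempt id.
const attempts = new Map([
  ['a1', { player: 'alice', expected: '7319', used: false }],
  ['a2', { player: 'alice', expected: '0042', used: false }],
]);

// Same split as described: "hack_success" -> { action: "hack", result: "success" }
function splitParam(param) {
  const i = param.indexOf('_');
  if (i < 0) return { action: param, result: '' };
  return { action: param.slice(0, i), result: param.slice(i + 1) };
}

// Handler for the POST. `player` comes from the authenticated session,
// never from the request body.
function handleNotify(player, body) {
  const { action, result } = splitParam(String(body.param ?? ''));
  if (action !== 'hack' || (result !== 'success' && result !== 'fail')) {
    return { ok: false, reason: 'bad_param' };
  }
  const attempt = attempts.get(body.attemptId);
  if (!attempt || attempt.player !== player || attempt.used) {
    return { ok: false, reason: 'bad_attempt' };
  }
  attempt.used = true; // one report per attempt, so a request cannot be replayed
  // The outcome is recomputed from what the server knows; the client's
  // `result` is kept only to flag disagreement for logging.
  const verified = body.answer === attempt.expected ? 'success' : 'fail';
  return { ok: true, result: verified, mismatch: verified !== result };
}
```

With this shape, a request that claims hack_success without the matching server-side evidence is recorded as a fail and flagged as a mismatch.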