To Do:
1. Sway the results of closed archived polls
2. Make the poll results add up to less than 100%
3. View the results of a poll before it is aired on the show
You can see this as a product of poor data sensitization. Messing with FireBug Firefox extension causes permanent data changes on the server that no one seems to notice or care about. So if you're a developer, may this be a lesson you never have to learn in production - sanitize input on client side and server side.
1. Change archived poll results
Simply change loadArchivePoll to loadPoll. That's it.
<div class="Pollwrap">
<div style="padding: 5px; cursor:pointer; border-bottom: 1px solid #cccccc;" class="pollArchiveItemOff" id="pollArchiveItem0_0" onmouseover="" onmouseout="changeBackgroundClassArchivePoll('0','0', 'Off');" onclick="loadArchivePoll('0','9337','0');"><span style="display:block;">Make a prediction - will Attorney General Eric Holder resign?<br>May 30, 2013</span></div>
</div>
2. Polls that add up to less than 100%
This effect can be easy triggered. If the radio button's value attribute is edited to something not in the given values in the multiple choice survey, it won't be counted.
<input type="radio" value="Fake value." name="surveyAnswer">
3. View the results first
Okay, I'm leaving this one as an exercise for you! Trust me, it's as trivial as the other two hacks. Hint: take a poll legitimately, and figure out where the form takes you to view the results.
No comments:
Post a Comment