Every day the News24 site has a user vote. I recently decided to take a closer look at their system – perhaps I could defeat the vote security. It would be fun (who says I’m a geek?) and I could learn something new.
I used a combination of Firebug and Python to watch their voting system in action. Pretty soon I realized that the security is very simple.
This is the process that News24 uses to record votes:
- Show the user the vote (question and options) and get their choice
- Go to a page that checks if the user has already voted
- If the user has NOT voted yet:
- Save a file showing that the user has voted
- Move to another page that counts the vote
- Move on to the results page
It’s a pretty simple process and it works as long as nobody messes with it…
The problem is that it is very easy to derive the URL of the page that counts your vote (3b). So you can skip all the checks and go straight there as many times as you like!
So I wrote a very simple program (34 lines in Python including copious comments and whitespace) that:
- Fetches the vote details
- Asks which option to vote for and how many times
- Hits the vote counting page X times
As simple as that!
And no, I don’t use it. That would be pretty lame. The fun part was figuring it out and defeating a well known site. Not screwing up the polls for everyone.