in reply to Functionality and Output Critique of Voting Booth script?

This thing is exploitable (I know, I know, cookie based, big surprise, but but but ;D). I managed to vote for George as many times as I wanted.

Here is how the exploit works: after I'm presented with the vote menu and I vote, I click the dreaded browser back button, and I vote again.

If I close the window, and come back to the poll, I will not be presented with the option to vote.

Therein lies your logic flaw. You should also check for the cookie if someone tries to vote, not just when presenting the vote menu.

____________________________________________________
** The Third rule of perl club is a statement of fact: pod is sexy.
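An added illustration of the flaw podmaster describes (this is example code written for this page, not jerrygarciuh's voting booth script): a small model of the voting flow in plain Perl, with the cookie consulted only when the ballot is rendered beside a version that enforces the same check on the vote request itself. The subroutine and cookie names (`vote_vulnerable`, `vote_hardened`, `voted`) and the in-memory tally are assumptions standing in for the real script's CGI handlers and data file.

```perl
#!/usr/bin/perl
# Example model of the voting-booth logic flaw; not the original script.
use strict;
use warnings;

my %tally;   # candidate => vote count (stands in for the script's data file)

# Deciding whether to show the ballot: this is the only place the
# vulnerable version looks at the "voted" cookie.
sub show_menu {
    my ($cookies) = @_;
    return $cookies->{voted} ? 'already voted' : 'ballot';
}

# Vulnerable flow: the vote request trusts that the ballot could only have
# been shown to someone without the cookie, so a re-submitted form (browser
# back button) is counted again.
sub vote_vulnerable {
    my ($cookies, $candidate) = @_;
    $tally{$candidate}++;
    return { set_cookie => 'voted=1', status => 'counted' };
}

# Hardened flow: the same gate is enforced on the state-changing request,
# not just when rendering the menu.
sub vote_hardened {
    my ($cookies, $candidate) = @_;
    return { status => 'rejected' } if $cookies->{voted};
    $tally{$candidate}++;
    return { set_cookie => 'voted=1', status => 'counted' };
}

# Simulate the back-button replay: the browser keeps the cookie it was
# handed after the first vote, then re-submits the cached form twice more.
sub replay {
    my ($vote) = @_;
    %tally = ();
    my %jar;                                   # the browser's cookie jar
    for my $attempt (1 .. 3) {
        my $r = $vote->(\%jar, 'George');
        $jar{voted} = 1 if $r->{set_cookie};   # browser stores Set-Cookie
        printf "attempt %d: %s (menu would show '%s')\n",
            $attempt, $r->{status}, show_menu(\%jar);
    }
    return $tally{George} // 0;
}

printf "vulnerable: George has %d vote(s)\n", replay(\&vote_vulnerable);
printf "hardened:   George has %d vote(s)\n", replay(\&vote_hardened);
```

The hardened version only closes the replay path: as the reply below notes, a voter who deletes the cookie still gets a fresh ballot, which is why the script author is considering IP logging as an additional signal.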


Re: Re: Functionality and Output Critique of Voting Booth script?
by jerrygarciuh (Curate) on Oct 17, 2002 at 22:52 UTC
    Thanks podmaster, I discovered that one myself by accident. I will address it in the next version. There are only a couple copies in production so hopefully no one is messing with it too much. I really need to add IP logging as well as one can of course eat the cookie and revote.
    Thanks for checking it out!
    jg
    _____________________________________________________
    "The man who grasps principles can successfully select his own methods.
    The man who tries methods, ignoring principles, is sure to have trouble.
    ~ Ralph Waldo Emerson