10/31/2022 0 Comments Polldaddy hack script code![]() ![]() ID links with the poll and I assume rand is just a random number to prevent spamming. They are id, poll_other, rand, poll_type and u. With the actual function, we can see the variable names being passed. Toolbar shows us that, not only are they non-obfuscated, the function we need to analyze is right in the first included Javascript file, " common.js"! This features grabs the source of all the included Javascript files. Again, the developer toolbar can help us out by going to "Information", then "View Javascrip"t. Viewing the page source shows that the Javascript function isn't right on the page it has to be in one of the included Javascript files. Hopefully, it will help clue us into what the other 4 numbers being passed are all about. OK, now we have to look for the javascript function called "vote". This is sent so that when the vote is tallied, it'll know which poll to tally it to. Now, looking at the URL of the poll page, I can tell that the first number is the ID for the poll itself. The data it's passing here appears to be 5 numbers. The function it calls is called "vote" and it passes 5 variables to the vote function. Aha! The vote "button" isn't even a button at all! It's an image that calls a Javascript function when it's clicked. OK, not all is lost yet, we can still get a clue by looking at the "Vote" button which submits the form. And our report from Web Developer Toolbar has just given us what we already know. The second FORM was the important voting form. The first FORM was the little Search form on the top right. This displayed all the details of every FORM on the page. Instead of looking through the code, I used the powerful Firefox extension Web Developer Toolbar and ran the "Display Form Details" tool. #POLLDADDY HACK SCRIPT CODE CODE#The next step I did was look for the FORM tag to see if I could find secret variables sent to the code processor passed as hidden INPUT's. (Meaning that the next entry down had a value of 10761056, Jimmy had a value of 10761057 and so on.)Ĭool, now it's time to try and see if we can figure out what other data is passed to the code processor to create a "vote". Sure enough, all the other entries had values increasing incrementally. This means that when you submit the form with me selected, it takes the value 10761055 and sends it to the code that processes the vote. So, based on this information, I am going to make the assumption that 10761055 is my unique identifier. The radio button appears to have a "name" of PDI_answer, an "id" of PDI_answer10761055 and a "value" of 10761055. Back to Firebug to inspect the radio button next to my name. #POLLDADDY HACK SCRIPT CODE CRACK#Time to crack this baby open and see how she runs. To vote, you click on the radio button and then click the big green vote button. Voila! We can now go straight to the PollDaddy poll here! OK, so we see a big form with all the entries. I used Firebug, a Firefox extension to look through the source revealed a NOSCRIPT tag used to provide a link for users without Javascript enabled. So, instead of delving into the code on the blog, I figured there has to be an original version on "homepage" of the code back at the PollDaddy page. Because of this fact, it's compressed and weird. The widget on the blog is a bit confusing because it's coded a bit funny to make up for the fact that it's not running off it's "home" website. Well, the poll was run by PollDaddy, a popular online poll service. Keep reading and I guarantee no matter what your skill level is, you'll learn something*** I made it super easy to follow, even for a computer newbie. **NOTE: There's computer-programming talk below. Seeing this as a fun little challenge, I looked at the poll on the blog page and began the peel away at the edges to unlock the heart of the poll so I could bend it to my will. I did ask permission with Barry first who informed me that "anything goes". Heck, even the ellusive Andy wore a costume! So, how could I possibly compete with race car drivers, hot satyrs and cute kids? By cheating! Both Jimmy and Joe submitted adorable shots of their children all dressed up. First of all, Mabe had an outstanding satyr costume. ![]() As many of you know, RustyBrick had a Halloween contest and a PollDaddy poll was set up in order to vote for the winner. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |