selfvoting and hackers fun @pouet
category: general [glöplog]
maybe this thread was really necessary and we should set some prize-sth on it !
the asked question is: can one submit a prod selfvoting on itself ?
the oneliner goes like this so far:
Quote:
harism: I will make a demo and selfvote it to the all time top!
psonice: hey, there's an idea. Many people running the demo will be logged into pouet.. set the demo to vote using their account :D
hArDy./tRSi: oneliner just can't exceed due to being a pointer and older dates get deleted every day ! just try ! same goes for selfvoting: try and lose !
Gargaj: psonice: wouldn't that assume that you have to add the demo to pouet BEFORE you release it? :) (technical detail, but still...)
psonice: You could do a prod search + give it a unique name, or fetch the prod ID off some other site once it's on pouet. It'd be funny if BITS did this.. assuming anyone watches BITS stuff :)
micksam7: Submit it to pouet then change the binary to self-vote once it's submitted.
hArDy./tRSi: if it's on own server, exchanging exe shouldn't be a prob...damn, don't tell em ! ;)
RareWtFailWhale: and circumvent the OS firewall.
hArDy./tRSi: no needance, just access browser ! :p ( should be harder than attacking firewall, i know...but firewallhack won't give you access to browsers ! )
sorry, there's no PREVIEW-Button anymore since 2 days ago ! i just hope this works !
yep, i just outsourced this from oneliner-country and i am asking for some1 to do that actually !
first one to hack selfvoting gets an ice or sth at next BP :p
i like the one in the middle.
Polite reminder: actually doing something like this would change our friendly admins from the pink one on the left to the blue one in the middle ;) It's a pretty funny concept, but the reality would be a huge ball ache for the people who run this site we love so much.
Next time you come up with something interesting, just do it, don't start a "wouldn't it be great if someone did it" thread. Because then it wouldn't.
not that fucking with other apps while the demo is running is a new idea.
doom's the leading. If sb has a brilliant idea, just do it or else :X
doom won !
garg is the blue one altho i'm more drunk :p
sometimes you have to make the best of a bad idea ! ( i thought some trolls would unite and start some hackfest or sth ! )
There are ideas that are awesome and you go away and do, and others that are awesome but not something you'd actually want to be associated with in reality ;)
The easiest way to do it would probably be a JavaScript demo. Probably would take 2 lines to write it
Sometimes there are good reasons for not putting this sort of idea into practice.
yep, it would be really easy to do this from a JS demo (or, for that matter, any page on the internet that you can persuade Pouet users to visit) but at least there are fairly simple ways to prevent that at Pouet's end (namely, pass a secret token in the form as well as the cookie). For native executable demos that have complete access to your browser state, you're screwed, of course...
if pulled off well, i'd applaud the idea. unfortunately, i doubt hardy would be able to pull it off well. additionally, he spoiled the idea. bummer.
:D
gasman: You could always add a CAPTCHA to the voting form.
reminds me of this mfx demo which used images from your hdd.. and then people suddenly complaining about porn in the demo XD
that was _great_ fun!
Ah, this one. And forget about my retarded dumb as hell comment on the prod.
yeah, this would be too easy to do with javascript to be cool.
though the voting php should probably be checking the referrer ;)
No, it really shouldn't. The Referer header is an optional part of the HTTP spec, there are good reasons for browsers not to send it, and it can be faked from Javascript anyway.
The industry-standard way to fix it is to pass a CSRF token in the form, along with closing any holes that allow script injection in the site itself (remember the Limp Ninja hack). But I've seen the Pouet codebase, so... yeah. What psonice said.
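Added example, not part of the thread and not Pouet's code: a minimal sketch of the defence named in the two posts above (a secret token in the form as well as the cookie, i.e. a CSRF token). The session store, field names and vote values are assumptions made for the illustration; the three requests in `demo()` are constructed.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at start-up here, constructed for this example.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_VOTES = {"up", "down"}  # hypothetical vote values, not Pouet's

def issue_csrf_token(session_id: str) -> str:
    """Token the server writes into a hidden field of the vote form it renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_vote(cookies: dict, form: dict, sessions: dict, votes: dict) -> int:
    """Return an HTTP-style status: 200 recorded, 400 bad vote, 401 no login, 403 rejected."""
    session_id = cookies.get("session", "")
    user = sessions.get(session_id)
    if user is None:
        return 401
    # The browser attaches the session cookie to every request to the site,
    # including a POST triggered by another page, so the cookie alone is not
    # proof that the user submitted the site's own form.
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return 403
    if form.get("vote") not in ALLOWED_VOTES:
        return 400
    votes[(user, form.get("prod"))] = form["vote"]
    return 200

def demo() -> dict:
    """Run three constructed requests against an in-memory session store."""
    sessions = {"sess-alice": "alice", "sess-bob": "bob"}
    votes: dict = {}
    cookies = {"session": "sess-alice"}
    own_form = {"prod": "1", "vote": "up", "csrf_token": issue_csrf_token("sess-alice")}
    cross_site = {"prod": "2", "vote": "up"}  # cookie rides along, token is absent
    wrong_token = {"prod": "2", "vote": "up", "csrf_token": issue_csrf_token("sess-bob")}
    return {
        "own_form": handle_vote(cookies, own_form, sessions, votes),
        "cross_site": handle_vote(cookies, cross_site, sessions, votes),
        "wrong_token": handle_vote(cookies, wrong_token, sessions, votes),
        "votes": votes,
    }

if __name__ == "__main__":
    print(demo())
```

The token only helps while other pages cannot read the site's own form, which is why the post pairs it with closing script injection holes; it does nothing against a native executable that has access to the browser state.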
Quote:
it can be faked from Javascript anyway
ah, wait, actually it can't because the proposed hack wouldn't be using XMLHttpRequest (you'd need to exploit a script injection hole for that). But still.
Go make a demo about it
making your demo create a user on scene.org, log on to pouet.net, add a random comment and a thumb on your prod - shouldn't be that hard to code. however, i doubt the outcome will be a success since a) you'd fill scene.org's user database and b) gargaj would simply delete your prod and thus making your app fail.
:-)
Plus, it's just an all-round shitty thing to do :)
What a great way to get someone else's prod removed! <grin>