pouët.net

Go to bottom

selfvoting and hackers fun @pouet

category: general [glöplog]
maybe this thread was really necessary and we should set some prize-sth on it !

the asked question is: can one submit a prod selvoting on itself ?

the oneliner goes like this so far:

Quote:

harism I will make a demo and selfvote it to the all time top!
psonice hey, there's an idea. Many people running the demo will be logged into pouet.. set the demo to vote using their account :D
hArDy./tRSi oneliner just cant exceed due to being a pointer and older dates get deleted every day ! just try ! same goes for selfvoting: try and loose !
Gargaj psonice: wouldnt that assume that you have to add the demo to pouet BEFORE you release it? :) (technical detail, but still...)
psonice You could do a prod search + give it a unique name, or fetch the prod ID off some other site once it's on pouet. It'd be funny if BITS did this.. assuming anyone watches BITS stuff :)
micksam7 Submit it to pouet then change the binary to self-vote once it's submitted.
hArDy./tRSi if its on own server, exchangin exe shouldnt be a prob...damn, donnot tell em ! ;)
RareWtFailWhale and circumvent the OS firewall.
hArDy./tRSi no needance, just access browser ! :p ( should be harder than attacking firewall, i know...but firewallhack wont give you access to browsers ! )


sorry, theres no PREVIEW-Button anymore since 2 days ago ! i just hope this works !
yep, i just outsourced this from oneliner-country and i am asking for some1 to do that actually !
first one to hack selvoting gets an ice or sth at next BP :p
BB Image
added on the 2010-08-03 16:01:50 by havoc havoc
i like the one in the middle.
added on the 2010-08-03 16:13:09 by Gargaj Gargaj
Polite reminder: actually doing something like this would change our friendly admins from the pink one on the left to the blue one in the middle ;) It's a pretty funny concept, but the reality would be a huge ball ache for the people who run this site we love so much.
added on the 2010-08-03 16:17:09 by psonice psonice
Next time you come up with something interesting, just do it, don't start a "wouldn't it be great if someone did it" thread. Because then it wouldn't.
added on the 2010-08-03 16:22:23 by doomdoom doomdoom
not that fucking with other apps while the demo is running is a new idea.
added on the 2010-08-03 16:25:42 by Gargaj Gargaj
doom's the leading. If sb has a brilliant idea, just do it or else :X
added on the 2010-08-03 16:45:27 by Defiance Defiance
doom won !
garg is the blue one altho i´m more drunk :p
sometimes you have to make the best off a bad idea ! ( i thought some trolls would unite and start some hackfest or sth ! )
There are ideas that are awesome and you go away and do, and others that are awesome but not something you'd actually want to be associated with in reality ;)
added on the 2010-08-03 17:41:11 by psonice psonice
The easiest way to do it would probably be a JavaScript demo. Probably would take 2 lines to write it
added on the 2010-08-03 18:12:36 by Joghurt Joghurt
Sometimes there are good reasons for not putting this sort of idea into practice.

yep, it would be really easy to do this from a JS demo (or, for that matter, any page on the internet that you can persuade Pouet users to visit) but at least there are fairly simple ways to prevent that at Pouet's end (namely, pass a secret token in the form as well as the cookie). For native executable demos that have complete access to your browser state, you're screwed, of course...
added on the 2010-08-03 18:40:50 by gasman gasman
if pulled off well, i'd applaud the idea. unfortunately, i doubt hardy would be able to pull it off well. additionally, he spoiled the idea. bummer.
added on the 2010-08-03 20:38:57 by skrebbel skrebbel
:D
gasman: You could always add a CAPTCHA to the voting form.
added on the 2010-08-04 09:35:36 by doomdoom doomdoom
remembers me of this mfx demo which used images from your hdd.. and then people suddenly complaining about porn in the demo XD
that was _great_ fun!
added on the 2010-08-04 11:41:59 by v3nom v3nom
Ah, this one. And forget about my retarded dumb as hell comment on the prod.
added on the 2010-08-04 11:48:22 by v3nom v3nom
yeah, this would be too easy to do with javascript to be cool.
added on the 2010-09-08 03:08:28 by orby orby
though the voting php should probably be checking the referrer ;)
added on the 2010-09-08 03:09:42 by orby orby
No, it really shouldn't. The Referer header is an optional part of the HTTP spec, there are good reasons for browsers not to send it, and it can be faked from Javascript anyway.

The industry-standard way to fix it is to pass a CSRF token in the form, along with closing any holes that allow script injection in the site itself (remember the Limp Ninja hack). But I've seen the Pouet codebase, so... yeah. What psonice said.
added on the 2010-09-08 10:40:56 by gasman gasman
Quote:
it can be faked from Javascript anyway


ah, wait, actually it can't because the proposed hack wouldn't be using XmlHttpRequest (you'd need to exploit a script injection hole for that). But still.
added on the 2010-09-08 10:48:43 by gasman gasman
Go make a demo about it
added on the 2010-09-09 02:50:15 by T$ T$
making your demo create a user on scene.org, log on to pouet.net, add a random comment and a thumb on your prod - shouldn't be that hard to code. however, i doubt the outcome will a success since a) you'd fill scene.org's user database and b) gargaj would simply delete your prod and thus making your app fail.

:-)
Plus, it's just an all-round shitty thing to do :)
added on the 2010-09-09 09:34:14 by gloom gloom
What a great way to get someone else's prod removed! <grin>
added on the 2010-09-09 10:18:10 by trc_wm trc_wm

login

Go to top