
Hacking a Vote Panel.


ghost's Avatar
0 0

Okay, so on this private server I play on they have a vote panel; if you vote for them you gain 1 vote point. The thing is, you can only vote once every 12 hours. The page is here: http://208.43.192.210/avsnew1/. What would be some kind of JavaScript injection to break the timer?


ranma's Avatar
Member
0 0

Most likely not, but if you give us your user/pass we could see what we could do.

PM me if you trust me ;)


ranma's Avatar
Member
0 0

After checking it out: Dude, cheating Blizzard = not cool. Also, hacking them probably = very difficult. I'm sure they use IP to check votes or most likely users with a server-side code to check for hours.


ghost's Avatar
0 0

It's not through Blizzard, it's a private server owned by some 18 year old.


spyware's Avatar
Banned
0 0

The counting of variables (such as time) is done server-side, by a server-side language; the data will be stored in a SQL server. The only way to hack that voting process is if you compromise the server by editing the data (SQL) or the counting process (editing the PHP/ASP/whatever script).

If I were tasked with hacking that system, I'd first search for possible SQL injections, and if that fails, try to get to an admin panel.

If all else fails, you'll have to attack the box directly, hack the services that it's running.
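
Added example (not from any poster in this thread, and not the server's actual code): a server-side cooldown check of the kind described in the post above, showing why nothing run in the browser can shorten the timer. It assumes the `votes` columns from the schema posted later in the thread and the 12-hour window from the opening post; the `points` table, function names and sample data are hypothetical, and SQLite stands in for MySQL.

```python
import sqlite3
import time

COOLDOWN = 12 * 60 * 60  # 12-hour window from the opening post, in seconds

def open_db():
    # In-memory stand-in; `votes` columns follow the schema posted in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE votes (ip TEXT, account TEXT, module INTEGER, time INTEGER)")
    db.execute("CREATE TABLE points (account TEXT PRIMARY KEY, total INTEGER)")  # hypothetical
    return db

def cast_vote(db, ip, account, module, now=None):
    """Accept a vote only if the server clock says the cooldown has passed."""
    now = int(time.time()) if now is None else now  # never a client-supplied time
    # Placeholders keep ip/account as data, so quotes in them cannot alter the query.
    last = db.execute(
        "SELECT MAX(time) FROM votes WHERE module = ? AND (account = ? OR ip = ?)",
        (module, account, ip),
    ).fetchone()[0]
    if last is not None and now - last < COOLDOWN:
        return False
    with db:  # commit the vote row and the point award together, or neither
        db.execute("INSERT INTO votes (ip, account, module, time) VALUES (?, ?, ?, ?)",
                   (ip, account, module, now))
        db.execute("INSERT OR IGNORE INTO points VALUES (?, 0)", (account,))
        db.execute("UPDATE points SET total = total + 1 WHERE account = ?", (account,))
    return True

def points_for(db, account):
    row = db.execute("SELECT total FROM points WHERE account = ?", (account,)).fetchone()
    return row[0] if row else 0

def demo():
    # Constructed sample data: documentation-range IPs and made-up account names.
    db = open_db()
    t0 = 1_700_000_000
    results = [
        cast_vote(db, "192.0.2.10", "alice", 1, now=t0),                # first vote
        cast_vote(db, "192.0.2.10", "alice", 1, now=t0 + 3600),         # 1 hour later
        cast_vote(db, "192.0.2.10", "alice2", 1, now=t0 + 7200),        # same IP, new account
        cast_vote(db, "192.0.2.99", "x' OR '1'='1", 1, now=t0 + 7200),  # quotes stay literal
        cast_vote(db, "192.0.2.10", "alice", 1, now=t0 + COOLDOWN),     # window elapsed
    ]
    return results, points_for(db, "alice")

if __name__ == "__main__":
    print(demo())
```

The timer lives entirely in the `time` column and the server clock, so the only inputs a client controls are strings that the placeholders treat as data.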


ghost's Avatar
0 0

What happened to the whole… don't ask for help hacking something/illegal act rule?


ghost's Avatar
0 0

S1L3NTKn1GhT wrote: What happened to the whole… don't ask for help hacking something/illegal act rule?

Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.


korg's Avatar
Admin from hell
0 0

```sql
-- Per-realm database connection settings
CREATE TABLE realms (
  id int(10) unsigned NOT NULL auto_increment,
  name varchar(32) default NULL,
  sqlhost varchar(32) default NULL,
  sqluser varchar(32) default NULL,
  sqlpass varchar(32) default NULL,
  chardb varchar(32) default NULL,
  PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

-- Vote modules: name, image and URL for each
CREATE TABLE votemodules (
  id int(10) unsigned NOT NULL auto_increment,
  name varchar(32) default NULL,
  image varchar(128) default NULL,
  url varchar(128) default NULL,
  PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;

-- Rewards per realm (item id and points)
CREATE TABLE voterewards (
  id int(10) unsigned NOT NULL auto_increment,
  realm tinyint(3) unsigned default NULL,
  name varchar(32) default NULL,
  description text,
  itemid int(10) unsigned default NULL,
  points int(3) unsigned default NULL,
  PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

-- One row per vote: IP, account, module and timestamp
CREATE TABLE votes (
  ip varchar(16) default NULL,
  account varchar(16) default NULL,
  module tinyint(3) unsigned default NULL,
  time int(11) default NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```


Take it from there.

ghost's Avatar
0 0

COM wrote: [quote]S1L3NTKn1GhT wrote: What happened to the whole… don't ask for help hacking something/illegal act rule? Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.[/quote]

LoL, :p, it's running Windows with open RDP, c'mon how hard could it be ;)


Demons Halo's Avatar
Member
0 0

Everyone in here can tell you that I'm the biggest noob that has ever walked on the face of the earth, yet I managed to get some interesting results using a simple nmap scan -_- so my suggestion is:

  • download nmap
  • use google