How I Bypassed The Voting System Of Sadeem Competition

Sadeem سديم is the largest competition for influencers in the Arab world.

I wanted to vote for one of the participants, and I thought: why not find a way to vote more than once?
This is how I did it.

This is the page where you choose the person you want to vote for.

As you can see, you enter your email address and click the button; a message arrives in that inbox, and you confirm your choice from the link in the message. In other words, the rule is one vote per email address.

The usual way to validate this kind of operation is an allowlist of email domains: the site only accepts addresses from known providers such as Gmail, Hotmail or Yahoo (or, equivalently, rejects known disposable-mail domains), so that every vote costs at least a real mailbox.
So what if there is no such filter at all?
Then anyone can confirm a vote from a throwaway address at a disposable-mail service, the same gap that lets spam through, and the one-vote-per-email rule means nothing. That is what let me submit more than one vote, and this is how:
1) I used a Temp Mail service to create a new email address.

2) I used it to request the validation link and submit the vote, and you know what?

3) It worked.

With this bypass you can vote as many times as you like: generate a new throwaway address, request a new validation link, submit a new vote.

You can also optimize the attack with a Python script that automates the whole process and repeats it as often as you want.
Run long enough, that is all it takes to manufacture a false winner.
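The kind of domain filter described above, as an added example that is not code from the original post or from Sadeem's system: it rejects disposable-mail domains, accepts only listed providers, and canonicalises the address before it is used as the one-vote-per-email key, so that plus-tags and Gmail dot variants of a single mailbox cannot mint extra votes either. The domain lists, addresses and candidate names are constructed for the example.

```python
"""Domain gating and address canonicalisation for a one-vote-per-email flow.

Added example: the domain lists, addresses and candidate names below are
constructed for illustration and are not taken from Sadeem's system.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample lists. A real deployment loads a maintained
# disposable-domain list and keeps it updated; these entries are examples.
DISPOSABLE_DOMAINS = {"temp-mail.example", "10minutemail.example"}
ALLOWED_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}

# Providers that deliver several spellings to the same mailbox.
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}   # same mailbox, other domain
DOT_INSENSITIVE = {"gmail.com"}                    # a.b@gmail.com == ab@gmail.com

_LOCAL_RE = re.compile(r"^[a-z0-9._%+-]+$")
_DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


@dataclass
class Verdict:
    accepted: bool
    reason: str
    vote_key: Optional[str] = None   # canonical identity used for dedup


def canonicalize(address: str) -> Verdict:
    """Validate the address and reduce it to one key per real mailbox."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        return Verdict(False, "malformed address")
    local, domain = addr.split("@")
    if not _LOCAL_RE.match(local) or not _DOMAIN_RE.match(domain):
        return Verdict(False, "malformed address")
    domain = DOMAIN_ALIASES.get(domain, domain)
    if domain in DISPOSABLE_DOMAINS:
        return Verdict(False, "disposable domain " + domain)
    if domain not in ALLOWED_DOMAINS:
        return Verdict(False, "domain not on allowlist: " + domain)
    # Drop sub-address tags (user+tag@...): most providers deliver them to the
    # base mailbox, so they must not count as distinct voters.
    local = local.split("+", 1)[0]
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    if not local:
        return Verdict(False, "malformed address")
    return Verdict(True, "ok", local + "@" + domain)


@dataclass
class Ballot:
    votes: Dict[str, str] = field(default_factory=dict)   # vote_key -> candidate

    def cast(self, address: str, candidate: str) -> Verdict:
        v = canonicalize(address)
        if not v.accepted:
            return v
        if v.vote_key in self.votes:
            return Verdict(False, "already voted", v.vote_key)
        self.votes[v.vote_key] = candidate
        return v

    def tally(self) -> Dict[str, int]:
        counts: Dict[str, int] = {}
        for candidate in self.votes.values():
            counts[candidate] = counts.get(candidate, 0) + 1
        return counts


def demo() -> Tuple[Dict[str, str], Dict[str, int]]:
    """Run a few constructed attempts and return (reason per address, tally)."""
    ballot = Ballot()
    attempts = [
        ("voter@temp-mail.example", "A"),   # throwaway address: rejected
        ("Some.One+1@gmail.com", "A"),      # first vote from this mailbox
        ("someone@googlemail.com", "A"),    # same mailbox, different spelling
        ("other@yahoo.com", "B"),
    ]
    reasons = {addr: ballot.cast(addr, cand).reason for addr, cand in attempts}
    return reasons, ballot.tally()


if __name__ == "__main__":
    for addr, reason in demo()[0].items():
        print(f"{addr:30} -> {reason}")
```

Note the limit of this fix: an allowlist of big providers only raises the cost of a vote, it does not make votes unique, because anyone can register more Gmail or Outlook accounts. A voting site that matters also needs rate limiting per client and a vote bound to something harder to mint than an inbox, such as a verified phone number or an existing account with history.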


