How I Bypassed The Voting System Of Sadeem Competition

Sadeem سديم is the largest competition for influencers in the Arab world!

I wanted to vote for one of the participants, and I thought: why not find a way to vote more than once?
This is how I did it:

This is the page where you choose the person you want to vote for!

So as you can see, you need to enter your email address, click the button to receive a message in your inbox, and then validate your choice through that message.

Basically, the usual way to validate this kind of operation is an allowlist of email domains: the service only accepts addresses from known providers like ‘GMAIL, HOTMAIL, YAHOO…’ so that only trusted people can vote!
So what if there is no security filter that checks for these known providers?
Well, quite simply, it lets people register from unknown services, which may open the door to spam-style attacks. Because of this I was able to cast more than one vote, and this is how:
1) I used a Temp Mail service to create a new email address

2) Used it to receive the validation link and submit the vote, and you know what?

3) It worked

With this bypass, you can vote more than once simply by generating new email addresses and submitting new votes.

You could also take this further with a Python script that automates the whole process and repeats it many times!
That would lead to a false winner.
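For comparison, here is the kind of domain allowlist check the post says was missing, together with one-vote-per-address bookkeeping. This is an added example, not code from the original post or from the Sadeem site; the allowlist contents and the `VoteLedger` class are my own assumptions.

```python
"""Added example (not from the original post): a domain allowlist check
plus one-vote-per-address bookkeeping for an email-verified vote."""
import re
from typing import Dict, Optional, Tuple

# Assumption: the competition only trusts a few mainstream providers
# (the post names Gmail, Hotmail and Yahoo). A real deployment would
# maintain and review a longer list.
TRUSTED_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}

# Minimal syntactic check: one local part, one '@', dotted domain labels.
_EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def email_domain(address: str) -> Optional[str]:
    """Return the lowercased domain of a syntactically valid address, else None."""
    m = _EMAIL_RE.match(address.strip())
    return m.group(1).lower() if m else None


def is_trusted_email(address: str) -> bool:
    """Accept only addresses whose domain is on the allowlist.

    The comparison is an exact match on the full domain, so look-alikes
    such as 'mail.gmail.com' or 'gmail.com.evil.example' are rejected."""
    domain = email_domain(address)
    return domain is not None and domain in TRUSTED_DOMAINS


class VoteLedger:
    """Accept at most one vote per verified, allowlisted address."""

    def __init__(self) -> None:
        self.votes: Dict[str, str] = {}  # lowercased address -> participant

    def cast(self, address: str, participant: str) -> Tuple[bool, str]:
        """Record a vote; returns (accepted, reason)."""
        if not is_trusted_email(address):
            return False, "rejected: email domain not on allowlist"
        key = address.strip().lower()
        if key in self.votes:
            return False, "rejected: this address has already voted"
        self.votes[key] = participant
        return True, "accepted"

    def tally(self) -> Dict[str, int]:
        """Count accepted votes per participant."""
        counts: Dict[str, int] = {}
        for who in self.votes.values():
            counts[who] = counts.get(who, 0) + 1
        return counts
```

An allowlist alone does not stop someone who controls many mailboxes at a trusted provider, so in practice it would be paired with rate limiting on the validation endpoint.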

Eddie Mora