Golden Spiders Like Security Through Obscurity

I went to vote at Golden Spider's public vote page. First of all they have this gem:
 In this years Golden Spider awards, the judges will select the winners from all twenty categories, including the Best Blog and Best Social Networking site categories. We would also like to get YOUR opinion on the best Blog and social networking site categories. Choose from the nominations below, enter your email address and submit your vote.
This reads to me very much like "Our judges know best, but we want you to feel loved". I submitted my vote anyway and got the lovely "Your Vote has been cast. Thank you for voting on both Categories." page. Out of boredom I viewed the source, and spotted the following:
<div class="display_none">
<form name="PublicVoting" method="post" action="publicvote.php" onsubmit="return validatePV();">
.....
I disabled CSS, selected two different options, entered a different email and it gladly accepted the new details. They do actually check to make sure that the email address you enter is used only once, but I have an infinite number of email addresses to use as they don't seem to verify the emails.

To the developers of the Golden Spiders website, please go and read the Wikipedia article on Security Through Obscurity. Not everyone uses CSS, prime example being blind people who use screen readers!
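
An added example, not part of the original post and not the Golden Spiders site's code: one way to enforce one vote per verified address on the server, so that whether the form is hidden in the browser no longer matters. It is written in Python rather than the site's PHP, and the Poll class, its in-memory storage and the sample addresses used with it are assumptions made for illustration.

```python
import secrets


def normalise(email: str) -> str:
    """Trim and lower-case so trivial variants map to one voter."""
    return email.strip().lower()


class Poll:
    """Server-side vote state; nothing here depends on what the page displays."""

    def __init__(self):
        self.pending = {}   # token -> (email, choices); not counted yet
        self.voted = set()  # addresses whose vote has been counted
        self.tally = {}     # (category, choice) -> confirmed votes

    def submit(self, email: str, blog: str, social: str) -> str:
        """Handle the form POST. The vote is only parked, never counted here."""
        email = normalise(email)
        if email in self.voted:
            raise ValueError("address has already voted")
        token = secrets.token_urlsafe(32)  # unguessable, single use
        self.pending[token] = (email, (blog, social))
        # The token goes out in a mail to `email`; it is never sent back
        # in the HTTP response, so only the mailbox owner can confirm.
        return token

    def confirm(self, token: str) -> bool:
        """Handle the click on the mailed link; count once per address."""
        entry = self.pending.pop(token, None)
        if entry is None:
            return False  # unknown, guessed or already used token
        email, choices = entry
        if email in self.voted:
            return False  # a second pending vote for a confirmed address
        self.voted.add(email)
        for key in zip(("blog", "social"), choices):
            self.tally[key] = self.tally.get(key, 0) + 1
        return True
```

A repeat POST with a made-up address now only creates a pending entry that is never counted unless someone with access to that mailbox follows the link.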

2 Comments

Have they plugged this hole yet?

As of Nov 8th at 20:20, the hole still exists.

About this Entry

This page contains a single entry by Niall Donegan published on November 6, 2007 11:59 PM.
