Election Day: any hint??


Salvatore [SalMau]
2 years ago | edited 2 years ago

6

I’ve been stuck on this level for weeks. I’m trying to change the method for posting the vote, but nothing. I’m searching for different files but nothing. Any hint? Could Burp Suite help? I only noticed that her ID is different from the others, but I don’t know what to do. Thanks!

SilverVVolf
a year ago

7

It’s very hard to give a hint for this one, but there are three steps (I know it’s a kinda obvious and irritating answer, but…):
1. What do you need to do?
2. Why can’t you do it?
3. How to do it?
Maybe somebody can give a better hint.

eduardo.silva
a year ago | edited a year ago

5

Well, I tried different encodings but nothing works. I wonder if I am on the right path :/

CH [CHO]
a year ago

4

Please, any more help with this challenge? I am stuck (I am new to this whole thing) and I am starting to despair :')

f0rk [HackingGuy]
a year ago

6

Once you identify the challenge, it becomes fairly straightforward.
I’d suggest extensively probing the application to understand what you can and can’t do.
Figure out ways to do what you want to do by bypassing measures that are attempting to stop you.

CH [CHO]
a year ago

5

Thanks so much for your response! I have tried a lot… I compared all candidates and what happens when I try to vote, but apart from the 400 or 200 status message, the requests don’t seem to differ… cookies are exactly the same… :( Do I need Burp for this or can I solve it with web dev tools? Thanks again!!

f0rk [HackingGuy]
a year ago

5

You’re looking too far into it. There is something that stands out when trying to vote as the level description says.

CH [CHO]
a year ago

6

Thanks again for your help! The only thing that stands out to me is the d in her vote_id. But I will keep on trying :)

f0rk [HackingGuy]
a year ago

5

Good luck! :)

jarvisanai
6 months ago | edited 6 months ago

5

Reviving this thread for some hint. I know the WAF is not allowing some characters and one of them is present in the second candidate’s vote id. Can anyone give a hint to put me on track?

f0rk [HackingGuy]
6 months ago

5

You’re on the right track ;) keep trying what you’re doing!

thecyphervault
2 months ago

5

I have been stuck on this challenge for a while now.

Something that I did notice was the number of characters in the candidate’s last name matches the number of digits in their vote_id.

Like others have posted in this thread, the WAF is clearly blocking certain characters, like the 'd' character in ?vote_id=62d784, but I have had my hair start to fall out trying to bypass this annoying WAF.

Any tips feel free to PM me!

CH [CHO]
a month ago

5

Still stuck as well! Been on the right track for a year now… but can’t figure it out! Any help?
