Categories
Uncategorized

Include your county in Monopoly

I’m not sure that everybody is playing fair with Hasbro’s Monopoly All-Ireland edition website which allows you to vote for your country to be included in the all-ireland edition.. Leitrim at #1? You gotta be kidding me.. Could be the extreme security which can only be cracked using expensive and unavailable applications like wireshark

POST /asp/submitVote.asp HTTP/1.1
Host: www.monopoly.ie
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: ASPSESSIONIDCCCTSTDB=CMELBCDCJFIECKHFLNNABJBI
Content-type: application/x-www-form-urlencoded
Content-length: 124
optin=0&ageId=2&votingReason=blah&countryCode=2&cityName=Waterford&cityId=79&email=me%40mydomain%2Ecom&name=Shane%20DempseyHTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Fri, 27 Apr 2007 13:46:17 GMT
X-Powered-By: ASP.NET
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 27 Apr 2007 13:46:23 GMT
X-Powered-By: ASP.NET
Content-Length: 83
Content-Type: text/html
Cache-control: private
<?xml version="1.0" encoding="utf-8"?><response><result>success</result></response>
</body>
</html>

Yep, it’d be pretty tricky to script a HTTP post command. Even tricker to fake an email address. Not sure I’m up to it & I certainly wouldn’t advocate it. I’m not sure IIS 5.0 would handle the load anyway. Either way when you monitor the voting results it looks a tad suspicious.

Leave a Reply

Your email address will not be published. Required fields are marked *