Discussion on: Is this a €1.000,00 worth Node script?

Jimbolino

I once "participated" in a photo contest where you could vote for the winner. The voting URL didn't have CSRF protection and you could place your vote with a GET request.

I changed my avatar on all my forum accounts to a PHP script that redirected to that URL on the first hit. On the second hit it would show my normal avatar.

I got second place. Probably someone else figured out the same trick, haha.
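
The server-side checks that close the hole described in the comment above, as an added example that is not part of the original post or the contest site's code: votes are accepted only via POST, from the same origin, with a CSRF token bound to the session. The function names, the request shape and the sample requests are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');
// Per-process signing key (assumption for this demo; load from a secret store in production).
const SECRET = crypto.randomBytes(32);

// CSRF token bound to the voter's session: HMAC-SHA256(session id), hex-encoded.
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison of the submitted token with the expected one.
function tokenMatches(sessionId, token) {
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const given = Buffer.from(String(token || ''), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Decide whether a vote request may change state.
// req (hypothetical shape): { method, headers (lower-case keys), sessionId, csrfToken }
function checkVoteRequest(req) {
  if (req.method !== 'POST') {
    return { ok: false, status: 405, reason: 'votes are accepted via POST only' };
  }
  // Browsers that send Fetch Metadata label cross-site requests; reject those early.
  const site = req.headers['sec-fetch-site'];
  if (site && site !== 'same-origin') {
    return { ok: false, status: 403, reason: 'cross-site request' };
  }
  if (!req.sessionId || !tokenMatches(req.sessionId, req.csrfToken)) {
    return { ok: false, status: 403, reason: 'missing or invalid CSRF token' };
  }
  return { ok: true, status: 200, reason: 'vote accepted' };
}

// Constructed sample requests (not captured traffic).
const sampleRequests = {
  // Image load redirected to the vote URL: GET, cookie attached, no token.
  imageRedirect: { method: 'GET', sessionId: 'sess-1', csrfToken: undefined,
    headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'image' } },
  // Form posted from another site without the token.
  crossSitePost: { method: 'POST', sessionId: 'sess-1', csrfToken: undefined,
    headers: { 'sec-fetch-site': 'cross-site' } },
  // Vote submitted from the contest page's own form.
  legitimate: { method: 'POST', sessionId: 'sess-1', csrfToken: issueCsrfToken('sess-1'),
    headers: { 'sec-fetch-site': 'same-origin' } },
};

for (const [name, req] of Object.entries(sampleRequests)) {
  console.log(name, checkVoteRequest(req));
}
```

Setting `SameSite=Lax` or `Strict` on the session cookie adds a browser-side layer on top of these checks.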