Colbert vs. Xenu

It's been a long time since I've posted (spring break is soon, so there should be a flood of posts), but I just wanted to add my two bits to a current hot topic: Colbert vs. Xenu.

It all began when NASA decided that it was going to open up voting to the public for choosing the name of Node 3 on the ISS. Many /b/tards and wanna-/b/tards caught hold of this, and XENU quickly rose tot he top of the list of Top 10 Suggestions.

On March 3, 2009, Stephen Colbert said this on his show:

Link (click it now)

Then, on March 4:

Link (click this one too)

Later that day, Anonymous responded:



And so the battle begins. Personally, I support Colbert, but only because I feel like I'd rather have someone win for a humorous purpose than for a humorous purpose at others' expense. (Remember, even though I hate the Co$, the people still inside the Co$ could easily be hurt by this.)

Regardless of what you support, there is an easier way to vote. Apparently NASA didn't think too hard about the voting system, as it seems to simply be a form which sends a string to a server.

I'm going to set this up for Colbert. If you're a die-hard fan of Xenu, you're probably tech-savvy enough to replace the name of a faux-conservative talk show host with that of an intergalactic overlord.

The key link is here:

http://comments-submit.nasa.gov/commenting1/Comment.do?location=http://polls.nasa.gov/voteform.html&siteID=245486071&username=guest&email=guest@dummy.com&comment=Colbert

After you type in your suggestion for Node 3's name on NASA's website, this box is what pops up, with a word verification CAPTCHA.

Unfortunately, someone made a rather large mistake when they put together the voting form, because it turns out that the CAPTCHA can be by-passed.

If you open up the vote verification page's source code, you see that the variables in the URL are actually part of a form document named "document.frmcomments". If you know some Javascript, you should find it rather easy to follow the source code and discover that the submission process of the form is only based on the passing of an "if" clause.


if (data==1) {
document.getElementById("imageResp").innerHTML="Word Verification Matched.";
alert ("Word Verification Matched. Comment Submitted");
document.frmcomments.submit();

}


The NASA programmer behind this voting program forgot to install a second verification that the user actually entered the CAPTCHA! Therefore, we can skip entering the CAPTCHA over and over again, and simply enter the following code into the address bar:

javascript:document.frmcomments.submit();

We can verify that it accepted this code two ways: one, it didn't bounce an error message (as it does when you simply click the SUBMIT button), and two, it brought us to the URL which it brings you to after you complete the word verification normally.

[Disclaimer: THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY. Please don't actively try to ruin or tamper with the poll.]