[ImpactWoW] Vote Exploit - Unlimited Emblems

[CryptoCombat]

[THEORY]

On an unrelated note from my last vote exploit thread...I've found that on ImpactWoW PvP Server you can vote at seven sites. Analyzation of the protocol showed that the server awarded vote points based on site Id and character name:

Code:

http://realm.impactwow.com/vote.php?id=2&name=Velysong

This led me to wonder how the php script would handle a non-numeric value in the id slot. Further analysis showed that it treated letters and phrases the same way. this meant that it most likely used a simple

Code:

if not(id=voted) then...

to determine whether or not to give a vote reward. With this presumtion, I continued to experiment by removing the value from the Id parameter altogether. This, in theory, would send a nil value, and therefore bug the php code, and that in turn would send a false return from the 12 hour timer check, and allow emblems to be rewarded.

This means that you can use

Code:

http://realm.impactwow.com/vote.php?id=&name=[your character name here]

to generate unlimited vote rewards by repeatedly sending a nil value.


[APPLICATION]

Download a mass website visitor, or spam your refresh button:

Code:

http://realm.impactwow.com/vote.php?id=&name=[your character name here]

Run or spam to get a ton of emblems. Now go to your mailbox, shift-click each one to autoloot the mail (don't bother deleting, it'll override the old with new mail).

Make a macro ingame with the following contents:

Code:

/script BuyMerchantItem(3,15);

And a second with:

Code:

/script BuyMerchantItem(2,1);

Now approach the Emblem Exchange vendor, and use the first macro to buy 15 Emblems of Valor per click, and the second to buy 1 Emblem of Conquest per click.

Profit.

In case you're wondering why I explained this so thoroughly, it's because I'm trying to inform the community as to how these exploits are discovered. I understand that this was a simple example, but everyone has to start understanding somewhere.

[LucasGod]

So, I wonder if that work elsewhere. +rep

[Maydie]

Really great to see what people can come up with by experimenting!
Will try this asap,leveling retail atm.
+Rep x3 when i can
EDIT: Works like a charm

[Ground Zero]

Nice share, this has been used a few times in the past with other voting systems, but +Rep for finding a site which still allows use of it.

[CryptoCombat]

I don't doubt that one bit. It's a relatively simple mistake for a web designer to make, and therefore easy for the experienced eye to detect.

I'm relatively new to the warcraft emu hacking world...so I haven't seen it with the same mechanics on a WoW private server site before. My apologies.

[Ground Zero]

It's alright, nobody has posted this before so it's not a repost, it's a good valid post, no need to apologise.

[LucasGod]

I wonder if it work on a server you can vote to get GM. I've seen one or two already, but that was long ago. You needed like 500 Votes, and could only vote once a day, assuming you had no Proxy Skillz.

[boed]

lorddenathor, you got pm mate.
Good tut, +rep.

[mg3115]

nice share dude

[Gravecorp]

These coding screw ups still exist?
I would have figured anybody who knows anything about web programming would fix that before implementing.

Did they write it themselves or did they use a premade setup?
If it was premade it would explain a lot.

[120ck]

is this server down for good?

[McCartney]

Hi

I know this is an old thread. But, I wondered if anyone do know how to vote exploit on Impact Wow. I've tried this method but can't get it working.

Thanks!