hi pol
after the events of today (correcttherecord site receiving 400k entries by automated scripts) i thought i'd so some checks of hillary's sites
turns out there is literally no form validation on this email sign up and they don't even check your email against existing ones
hillaryclinton.com
now i'm not condoning abuse of web services and email spam or anything but i feel they should be aware of this gaping hole in their security
Hi pol
Chase Lewis
Other urls found in this thread:
ghostbin.com
youtube.com
ghostbin.com
ss13.moe
twitter.com
Owen Cook
...
David Powell
oh what a happy little goyim hillary is going to be when she finds out she has a few billion supporters tommorow!!
Ian Morris
yes, autistics love to run bots to spam emails of would be elected officials :^)
Juan Perry
>ctr spams here
>we destroy them
Oliver Johnson
Can't wait to see CNN report that Hillary has the support of 250% of the world's population :^)
Blake Bell
>tripfag calling others autistic
Asher Wilson
faggot
Zachary Garcia
you don't spam her email
you spam other people's emails and tie up the resources of her email server in the same go
which is a double win
imagine how every email carrier ever will react when they get flooded with emails from clinton campaign's email server
good luck getting mail through future iptables drop rules from like every email host ever
Blake Gutierrez
If you know a script language, it's literally just a get/post request within a while loop.
Why not? Maybe Hilary Clinton needs a little heat from the alt right, she called us despicable, that's just not called for.
Chase Jones
>If you know a script language, it's literally just a get/post request
It's not. Looks like it uses js
Ayden Ross
Fair enough, I don't really care.
Lots of times the api will be simple like that, especially if there's no validation. Spamming is fairly easy if you know what you're doing.
Nolan Hall
>Unironically calling yourself alt-right
Kill yourself
Connor Scott
How about you fuck off tripfag redditor?
Oliver Murphy
well you're absolutely wrong
it's a request to /api/bucket
[code]{
"source":"referral_www.google.com.au_/",
"submittingUrl":"hillaryclinton.com
"email":"YOUR EMAIL",
"postalCode":"YOUR POST CODE",
"tags":{
"formSlug":"email-join",
"language":"en",
"committee":"hfa",
"formType":"standard",
"emailVolunteerForm":false,
"utm_medium":"referral",
"utm_source":"www.google.com.au",
"utm_content":"/",
"utm_campaign":null,
"utm_term":null,
"template_optimizer_group":"default",
"send_email":0,
"use_personalized_autoresponder":true
}
}[/code]
with this json
be less retarded
i just figured everyone on Sup Forums is running windows so there's little point in implementing it with curl or python or something
Grayson Rivera
>well you're absolutely wrong
so it is a get/post request?
Luis Ross
Implement it in c#, all windows installs post vista have csc.exe (the cli c# compiler) in the windows directory (not in the PATH, you have to find it)
William Gomez
It's a post
I'm just gonna do it in python fuck it
Sebastian Edwards
> 400k entries
Where are you getting that number?
Carson Gomez
Just motivating the brave men willing to run a python or c# script.
And you just replace the capital string fields with gibberish. Brilliant.
You know, you could press f12 on your browser and find out yourself if you're interested.
Christopher Brooks
Bump, good work upside down Anons.
Grayson Rodriguez
here it is: ghostbin.com
requires requests module
just install it with "pip install requests" and you'll be right
it's run as follows
./clinton.py "email"
nothing trailing
it doesn't check if you're being a retard or not so entering dumb shit as the email will break it
no threading either, but can implement on request
Bentley Anderson
Lol inb4 AFP.
>z = z + 1
Oh God python code is hilarious
>just programmer things
Sebastian Fisher
oh i guess you can do z += 1
i'm out of it right now
Cooper Nelson
>i feel they should be aware of this gaping hole in their security
Hillary had an unencrypted server without two factor authentication. Those clowns don't understand web security at all.
Isaac Harris
You sir are a gent and a scholar
Michael Harris
I want to join this Right Wing Meme Squad
I'll just spam manually using emails in the leaked emails over and over but with racist names like SpaceNigger
Alexander Martinez
That was Debbie Wascheman Schultz will get he inbox filled with the word nigger
Blake Morris
it'd be funny if you emailed people frog memes. or hilloli memes.
Easton Price
does this work?
I've tried a curl script but it just gives me a 405 error
Austin Hill
hi everyone i have adopted the script to work with email lists
if you have a large email list (personally i just searched pastebin), feel free to go for it & make sure to post your results
ghostbin.com
Daniel Morgan
Good god yes, this.
Colton Scott
You are doing KEKs work brother. Hail KEK!
Carter Jackson
just wondering, how do you capture the requests the site sends in the first place?
is it a thing you can do in browser Developer Tools?
Jack Taylor
i use telerik fiddler just because of the flexibility
but you can totally do it in your browsers console
go to the network tab and refresh the page
Parker Foster
>telerik fiddler
thanks!
also I don't understand their avoidance of captcha in current year
Angel Garcia
Here's a proxy list if you want to implement it with one.
ss13.moe
Jeremiah Rogers
If they're not checking captchas they're not checking IPs
Appreciate the help though brother
Justin Gutierrez
Hillary and her camp literally can't into infosec, not even at a basic level