Screenshot of form fields for name, address, date of birth, race, gender, email address, and phone number.
https://xn--8r9a.com/system/media_attachments/files/113/453/426/487/445/641/original/a7d29a2cc84e9074.png
https://xn--8r9a.com/system/media_attachments/files/113/453/426/487/445/641/original/a7d29a2cc84e9074.png
Notices where this attachment appears
-
Embed this notice
Jason Parker (he/they) (north@xn--8r9a.com)'s status on Sunday, 10-Nov-2024 00:33:04 JST 
Jason Parker (he/they)
I reported my #vulnerability in #Georgia's #voter registration platform to the Secretary of State 90 days ago. They've still done nothing (and deny that it's even exploitable).
It isn't enough of a vulnerability to cover the ~115,000 #vote difference in the Presidential #election, but it could be quite significant nonetheless, especially in smaller races.
Is there any good¹ reason I shouldn't just drop full details? It's extremely tempting and I'm not the only person to have discovered this (s/o @abreacher ²). The only thing that was really stopping me before was the likelihood of bullshit³ election challenges by the far right, but that's now moot.
--
1) "Log in" to MyVoterPage (MVP) at https://mvp.sos.ga.gov/s/ with BurpSuite using name, date of birth, and county of residence.
2) Click "UPDATE VOTER INFORMATION", click "Edit".
3) Change any information in the attached image.
4) ???
5) Click "CONTINUE".
6) Enable packet Intercept.
7) Check the boxes, click "SUBMIT".
8) ???
9) Wait for the registrar to approve the change.Congratulations, you've made it impossible for somebody to vote.
--¹ Aside from the whole retaliatory prosecution thing.
² Alison is new here; you should follow her!
³ Though potentially justified in this particular case?
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.