Vizu Answers, which allows publishers to add polls to their sites and make money from them, has a strict policy for accepting users into its system. However, I uncovered a flaw that compromises the system and gives users who have not yet been accepted by Vizu access to it, allowing them to design polls and get the ad code for them.
What is the flaw?
Vizu Answers allows users to create a profile and add it to their database. All profiles created have to be accepted by Vizu before polls can be shown on the registered sites. If you try logging in to the system before being accepted you will see the following message.
Even though their login system is quite strict, there is a flaw that allows publishers to access the system even though they are still not accepted.
Using their forgot password feature, I was able to log into the system even though I was not accepted by them, create poll zones and access the My Account features. What this shows is that even though they have a strict policy for accepting publishers, they have a flawed system, which many people can make use of to create polls even if they are not accepted and, in the worst case, cash out the money you have earned using Vizu Answers through their very lenient forgot password feature.
The fact that irked me is that their forgot password feature lacks the security which many sites follow and compromises the earnings of so many publishers. The other fact, that it allowed users to create poll zones, is not as serious as that. Just having access to the personal information and usernames of your friends is enough to compromise the entire payments earned.
If you want to reproduce the flaw, here are the steps you need to follow.
Register to become a Vizu Answers publisher by clicking here. Once you have registered, don't worry about being accepted; this flaw can be exploited even if you registered a minute ago. Get back to the site and click on login, skip the login, and click on the forgot password link.
Once you use the forgot password feature you are asked for your username as shown below.
Entering the password redirects you to a new page where you are asked for the answer to your secret question.
Once you have entered the correct answer to the question you are then redirected to a page where you can change your password.
And boom you are now into the system where you can access the poll zones and your account section.
I even created a dummy poll zone and got the code for displaying the poll on my website as you see below.
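The gap described above, modelled as an added example (not part of the original post and not Vizu's code): the login path checks the approval flag, but the password-reset path creates a session on its own. All names here are hypothetical, and the sketch assumes the reset flow ends in a logged-in session, as the steps suggest.

```python
from dataclasses import dataclass
from typing import Dict, Optional
import hmac
import secrets

@dataclass
class Account:
    username: str
    password: str            # plaintext only to keep the sketch short
    secret_answer: str
    approved: bool = False   # set by the operator's review, never by the user

SESSIONS: Dict[str, str] = {}  # session token -> username

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

def issue_session(acct: Account) -> Optional[str]:
    """Single choke point: every path that logs a user in goes through here."""
    if not acct.approved:
        return None
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = acct.username
    return token

def login(acct: Account, password: str) -> Optional[str]:
    if not _same(acct.password, password):
        return None
    return issue_session(acct)

def reset_flawed(acct: Account, answer: str, new_password: str) -> Optional[str]:
    """Assumed flawed behaviour: reset logs the user in, approval never checked."""
    if not _same(acct.secret_answer, answer):
        return None
    acct.password = new_password
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = acct.username   # bypasses issue_session()
    return token

def reset_hardened(acct: Account, answer: str, new_password: str) -> Optional[str]:
    """Same reset, but the session decision is delegated to the shared gate."""
    if not _same(acct.secret_answer, answer):
        return None
    acct.password = new_password
    return issue_session(acct)        # pending accounts get no session
```

The hardened path still relies on a secret answer as the only proof of identity, which is the other weakness the post raises; the sketch covers the approval check only.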
A simple flaw in a system can compromise thousands of people. Setting high standards in acceptance does not make your software better. Technology is open to exploits and every piece of software is open to flaws; that's why you see so many virus attacks, isn't it?
Techie Buzz strives to let its readers know that this flaw is not to be exploited, but if you do come across any such flaw in any software you can always let us know at tips [@] techie-buzz.com