Hey guys, I am back again with another writeup about how I found a seviour bug in my college’s student portal which leads to a data leak of every student in my college. Basically it is a third party…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

The student portal is a third party web portal for students in which students can check their time table, attandance, profile, fee dues and many other stuff. It was a simple IDOR bug with a huge impact. The leaked data also have 10th and 12th class marks.

How I Hacked my College’s student portal

From Infosec Writeups: A lot is coming up in the Infosec every day that it’s hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 Github Repos and tools, and 1 job alert for FREE!

Ahaha this is good! Clearly they should this more in consideration, wonder if you could update other student’s values… who knows

I’m waiting for the data selling part 🤷

The API failed to check the user’s session and return a response accordingly.
If the user doesn’t have elevated permissions, they should only be able to see their own data (modify your query to persistence to filter data by user id).
Or, if they are some sort of admin user (think reception staff, course leaders etc), then return the appropriate data in the response.
This is just lazy programming!