Hey Guyz! I am back with a new vulnerability on a college website.
Btw, Myself Krishnadev P Melevila, You can google search my name or follow me on Instagram by clicking here for the quickest updates on new vulnerabilities.
Actually, as all you know, In India, this is the season where we get many calls regarding college and school admissions. But most of us wonder “How they got my number?” Yes! here I have an answer for it.
I got a call from an institution and ask me to fill an admission form on their website for taking a management seat. So I told them to send the link then they gave me a link like this https://collegename.softwarename.com/form?prn=[some_random_code]. What this link does is we will get direct access to the pre-filled admission form without any authentication. There we can fill in all the details like name, phone, email, past marks, blood group, address, (all details related to admission). and pay an application fee of Rs.500/- and submit the form.
So for everyone what comes to mind first is to brute-force the code in the URL. Right????
Yes, it is possible to brute-force the code. But it is time-consuming as the code is a complete random string ranging from 4–6 alphanumeric characters
Then what I do was, first click on the link which she gave me and added my email and password. then I log out of the link.
And followed the below steps.
2. Started burp suite and intercepted the login request. soon I found a param in the request. I just changed that value and forwarded the request.
3. Whoala! we got access to the victim data. Now an attacker can steal all user's data like this and do any illegal activities with this data. (example: my data and my victim's data taken through this method shown below.)
So this was a small write-up on my findings. any I believe that you enjoyed it. I will be back soon with a new one.
Btw: This vulnerability has been reported to the respective authorities.