Hello Hackers….. I Hope You all are doing well, In today’s Article I am going to share My Experience when I tried to hack my college’s website.
So, without any complexity let’s get started….
Disclaimer : DO NOT USE THESE TECHNIQUES TO HARM DIGITAL ASSETS OTHERWISE YOU’LL FACE THE CONSEQUENCES
So, one day I was creating my content for YouTube, and a notification popped into my phone that “Do your registration for the next Semester”. So, I browsed the college website and completed my registration.
After that, I was about to close the tab but suddenly I saw an ID Card feature on the website which scratched that part of my mind.
I went to the student dashboard and click on ID Card.
And It redirects me to another page where it showed me my ID CARD which contains all my details like Phone Number, Email and Resi. Address. which I can’t share you right now because of some security purpose. I can only show you my name and Email Address.
So, to Test its functionality I opened the best tool for web application security known as Portswigger’s Burpsuite. I opened it..go to proxy and start the intercept mode.
then I configure my burpsuite proxy on the browser by clicking on the foxy proxy extension and setting it for burpsuite. Now, I again click on the ID card and the request is captured by our burpsuite proxy.
after analyzing the request I found a variable RegID which has some value like 85393 which represents my ID.
so, if you are thinking that just changing the ID will give you someone else’s ID CARD INFO.. So, let me tell you that “YOU ARE ABSOLUTELY RIGHT”…
For now let’s change it from 85393 to 85395 and forward the request, and BOOM!!! as you can see It shows someone else’s ID CARD and personal details like Phone Number, Email, Address.And, these details can be used for further Damage by the help Social Engineering.
And, as a responsible ethical hacker, I had to inform the security team so I went to the college and informed my cybersecurity faculty member but they didn’t seem interested.But I have done my work from my side…..Now it’s up to them…..whether they want to secure it or not.
So, this is it for today, till then — KEEP LEARNING….KEEP EXPLORING…AND MOST IMPORTANT…….DO HACKING…….