Vulns school system..
A story about my last 2 days in school.
Well I found a few vulnerabilities in my school ePortal admin system which contained every bit of personal data which you could modify. Including grades, illness', reports, family contact numbers etc etc.
I emailed the teacher who got me into hacking outlining the problem etc… showing him what I found.
This teacher, then forwarded my email to my computing teacher who called me into the office for a 'chat'.
My computing teacher loaded up the school system and asked me to demonstrate what I did to prove that it wasn't a prank… (Although I contained the URL to each LFI, SQL/JS/HTML injections).
After embedding a few cookie stealer's on a variety of pages and manipulating the URL to display the userlist with SQL injection, I was asked if I could patch it.
I said it wasn't my job to and that the school administrators should - They are on the salary.
The conversation ended and I headed home after a dose of English Literature…I walked in my house and my mum was just ending a phone call. It was the computing teacher asking for her consent that I get paid to help the system administrators and thanking me for finding the holes.
Chances this will get followed through are slim. But in hope, this could be the most productive thing, hacking has ever done for me.
At least I'll pass Computing A-Level …..
well done dude! a funny thing happend at my school too :D I found a small hole in the login for the teachers area, I didn't tell anybody but my closest friends but now one of them told me that not a single teacher is able to log in 'the normal way' (because some admin fucked up real bad :angry: ) so we're pretty much the only people who can access it :D
anyways, good job dude, I hope they pay you well! B)
S-H