How a bad implementation can allow anyone to hijack every My Campus Days account

Or, “here’s how not to implement a login system”

My Campus Days — The Target

The Story

Most college portals are broken by default

The Catch

Drum rolls for the worst reset password implementation in human history

Conclusion

Moral of the Story

About the Author

Not even enrolled in the program.


Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com

Piyush Raj ~ Rex
