How a bad implementation can allow anyone to hijack every My Campus Days account

Or, “here’s how not to implement a login system”

My Campus Days — The Target

The Story

Most college portals are broken by default

The Catch

Drum rolls for the worst reset password implementation in human history


Moral of the Story

About the Author

Not even enrolled in the program.

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: