How a bad implementation can allow anyone to hijack every My Campus Days account

Or, “here’s how not to implement a login system”

My Campus Days — The Target

The Story

Most college portals are broken by default

The Catch

Drum rolls for the worst reset password implementation in human history


Conclusion

Moral of the Story

About the Author

Not even enrolled in the program.

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com
