Tuesday, September 27, 2011

"Easy" access to exam questions?

While doing my "googling" and security analysis, i happen to come across a Shanghai school portal and manage to easily "gain access" into the "admin" account.

With the admin access, i am able to access to all the documents in the portal. Wondering if there are any exam questions in there?

I can do a listing of all the user account, which i can edit or delete.

w01f advise: Web portal should be proper secured, especially the administrative account. Strong password should also be used by all users.

Disclaimer: Only access to the "main" and "user account" page, no modification to the portal and no download of any files from this portal. It is purely for security awareness purpose with no malicious intent.

No comments: