Hacking a Major Technical School's Website

by valnour

This article outlines a very simple hack on a very prominent technical school's online library.

It may sound like getting into a school's library isn't that big a deal, but this particular school (and I'm sure many others like it) requests that you input contact information when logging in to the system for the first time.

This allows a potential attacker to gain some sensitive data on a student, such as the location of the school they attend, full name, phone numbers (home and work), and email addresses. It also allows the attacker to change passwords without knowing the old one.

Procedure

When logging into this school's student library, you are prompted for your username and password.  After providing these, you are logged into the system.

However, if you log into the school's student portal (which shows school news and provides a link to the library and such) with your username and password, then follow the link to the school's library, a completely different procedure is followed.

Instead of performing any sort of authentication, or checking session IDs or even cookies, it just takes you to a URL structured like this:

http://library.majorschool.edu/portal.asp?pi=student#&role=student

Replace student# with, well, your student number and you have instant access.  No password checks or anything.

After I discovered this, I just started plugging in different numbers.  I tried about ten in all and only found one other student.

Now I'm sure if I had poked around some more I could have found several others, but I didn't want to raise any suspicion.

As far as the other student I found, I was able to get their email addresses, two phone numbers, and full name.  I was able to locate her on MySpace with this information and was able to gather her home address after poking around on Google with all the other information I found.

Now keep in mind that this school has upwards of 70 campuses in the United States.  This particular person was on the west coast.  I live closer to the east.
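
The portal-to-library link described in this procedure fails because the library trusts the pi parameter on its own. The following is an added example, not code from the article or the school: it shows that behaviour beside a hardened handoff in which the portal signs the link after its password check and the library verifies it. The ts and sig parameters, HANDOFF_KEY, the function names and the student numbers are assumptions made for illustration; only pi and role come from the URL above.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a secret shared by portal and library, loaded from configuration
# in a real deployment. This value is a constructed placeholder.
HANDOFF_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 60  # the link only has to survive one redirect


def _sign(student_id: str, role: str, issued_at: int) -> str:
    msg = f"{student_id}|{role}|{issued_at}".encode()
    return hmac.new(HANDOFF_KEY, msg, hashlib.sha256).hexdigest()


def portal_build_link(student_id: str, role: str, now: Optional[int] = None) -> dict:
    """Portal side: called only after the user has passed the password check."""
    issued_at = int(time.time()) if now is None else now
    return {"pi": student_id, "role": role, "ts": str(issued_at),
            "sig": _sign(student_id, role, issued_at)}


def library_vulnerable(params: dict) -> Optional[str]:
    """Behaviour the article describes: whoever is named in pi is let in."""
    return params.get("pi")


def library_hardened(params: dict, now: Optional[int] = None) -> Optional[str]:
    """Library side: accept pi only with a fresh signature from the portal."""
    now = int(time.time()) if now is None else now
    try:
        student_id, role = params["pi"], params["role"]
        issued_at, sig = int(params["ts"]), params["sig"]
    except (KeyError, ValueError):
        return None  # a bare ?pi=...&role=... link lands here
    if not (student_id.isdigit() and role.isalpha()):
        return None  # keeps the "|" separator in _sign unambiguous
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None  # stale or future-dated link
    expected = _sign(student_id, role, issued_at)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # pi, role or ts was altered after signing
    return student_id
```

A signed link is still a bearer credential for its lifetime, so the library should exchange it for its own session cookie on first use and check that session on every later request.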

Conclusion

This prominent technical school, which even offers a class entitled "Security Architecture of Common IT Platforms," obviously created a weak point in their online resources.

This problem was very simple, but was still able to give enough information for an attacker to gain plenty of ground in very little time.

All that was needed was an eight-digit, non-random number that could easily have been social engineered.

I hope I have given enough information to make this useful, especially to students at this school.

But I also hope I have been vague enough so as to put no one's personal data at risk.
