College DB Hacking

August 7, 2024

I just barely survived my 12th-grade exams with a stunningly average score of 75%. Yes, hold the applause, please. Recently, I joined a college. Now, for obvious reasons, I can't reveal the name, so let's call it "MEOW MEOW COLLEGE."

Everything was going smoothly, you know, being an average BADMOSH. But then, my genius BKL friends had this brilliant idea: "Bro, you need to be famous in college. That's how you get girls and, more importantly, RESPECT."

One night, while enjoying a totally innocent smoke break, the most brilliant idea hit me: "What if I hacked the student portal?" I have no clue why, but at that moment, it felt like the best idea I'd ever had. I mean, what could possibly go wrong, right?

The next morning, while listening to Babbu Maan's Hashar, I launched Burp Suite and logged into my portal. As I intercepted the requests, I noticed something interesting: the portal was using specific student information as passwords (I can't disclose exactly what).

This small detail turned out to be crucial for the entire attack.

I discovered that the portal sends a request to the server with a private ID, and the server responds with a cookie containing details like the session ID and that specific information. Out of curiosity, I changed the ID from xxx782 to xxx783 and sent the request again. To my surprise, I received a new cookie with another student's data. That's when I realized I could access all the information needed to log in, such as their email or ID and their password (based on specific user info), simply by altering the private ID parameter.
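The behaviour described above is a missing object-level authorization check: the server trusts a client-supplied ID and puts personal data in the cookie. The code below is an added example, not code from this post or from the college's portal. It places that behaviour beside a hardened handler; the record fields, function names and in-memory stores are all assumptions made for illustration.

```python
import secrets

# Constructed sample records; field names are assumptions, not the portal's schema.
STUDENTS = {
    "1001": {"email": "a@example.edu", "profile_field": "constructed-value-A"},
    "1002": {"email": "b@example.edu", "profile_field": "constructed-value-B"},
}
SESSIONS = {}   # opaque token -> student id, kept server-side only
DENIED = []     # (authenticated id, requested id) pairs, kept for alerting


class Forbidden(Exception):
    """Raised when a request is unauthenticated or targets another user's record."""


def login(student_id):
    """Bind an unguessable token to the authenticated student."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = student_id
    return token


def cookie_vulnerable(requested_id):
    """Behaviour described in the post: the client-supplied ID is trusted."""
    record = STUDENTS[requested_id]
    # Personal fields are copied straight into the cookie for whoever asked.
    return {"session": secrets.token_urlsafe(32), **record}


def cookie_hardened(token, requested_id):
    """Object-level authorization: the ID must belong to the session owner."""
    owner = SESSIONS.get(token)
    if owner is None:
        raise Forbidden("not authenticated")
    if requested_id != owner:
        # Repeated misses against neighbouring IDs are an enumeration signal.
        DENIED.append((owner, requested_id))
        raise Forbidden("ID does not belong to this session")
    # The cookie carries only the opaque token; profile data stays on the server.
    return {"session": token}
```

The hardened handler fixes the access check only; passwords derived from student information remain guessable and need to be replaced separately.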

The next day, I wanted to report the issue but was a bit worried — last time I tried something like this at my company, I got fired. However, after some thought, I decided to go to the college and report what I'd discovered. I presented them with solid proof, half-expecting them to be outraged. To my surprise, they actually appreciated my work and thanked me for my "Badmoshi" approach. Who knew hacking their system would turn me into a hero?

Moral of the Story

Sometimes, breaking the rules can earn you respect and maybe even some girls.