The Indian Certificate of Secondary Education is one of the very well known boards in India. Thus, there are nearly about one lakh students appearing for the I.C.S.E Board exam every year. Almost every child wishes to study in an ICSE board school.
Every year the ICSE results are declared online and students need to login with their seat numbers as usernames to see their results. This point makes it completely essential for this board to secure its website so that individual result is available only to the concerned student and their school. This is what I believe.
But after researching for about 3 days, i came to know that the ICSE Board provides its result to such websites that do not protect the database and are not concerned with the privacy. I was easily able to get access to the database of almost 1,40,000 students. I got the result of each one of them and I could easily alter it if I wanted to. Thus, it can be said that the ICSE website is the most unsecure website that provides results online.
If this database reaches to some not appropriate person, it can be proved very harmful to the board. The method I used to get access to the score sheet, was A SIMPLE AUTHENTICATION BYPASS technique. This is a script kiddie method which is not at all complex or you can say difficult to understand and put into use.
Therefore, I request the ICSE Board to secure its website and provide the database only to secure websites due to which no harm shall be caused to it. Being an ICSE Board student it is my duty to inform them about this bug. I hope they patch it as soon as possible.!
Every year the ICSE results are declared online and students need to login with their seat numbers as usernames to see their results. This point makes it completely essential for this board to secure its website so that individual result is available only to the concerned student and their school. This is what I believe.
But after researching for about 3 days, i came to know that the ICSE Board provides its result to such websites that do not protect the database and are not concerned with the privacy. I was easily able to get access to the database of almost 1,40,000 students. I got the result of each one of them and I could easily alter it if I wanted to. Thus, it can be said that the ICSE website is the most unsecure website that provides results online.
If this database reaches to some not appropriate person, it can be proved very harmful to the board. The method I used to get access to the score sheet, was A SIMPLE AUTHENTICATION BYPASS technique. This is a script kiddie method which is not at all complex or you can say difficult to understand and put into use.
Therefore, I request the ICSE Board to secure its website and provide the database only to secure websites due to which no harm shall be caused to it. Being an ICSE Board student it is my duty to inform them about this bug. I hope they patch it as soon as possible.!
No comments:
Post a Comment