[18-03-2023]
ISSUE HAS BEEN DISCLOSED AND FIXED BY VENDOR
THIS EXPLOIT DOES NOT AFFECT THE VENDOR ANYMORE
SO MAKING IT PUBLIC
[25-09-2024]
REVIVING THIS PROJECT WITH AUTHENTICATION
AND USERS' RESPONSIBILITY
This repository contains an exploit for a bug in the authentication and API access of the affected platform. As of now, this exploit has been released without the original vendor's prior knowledge.

The results (both single and multiple), which have not been published yet, and the questions available on the platform can be accessed without user authentication simply by calling the API correctly.

After analyzing and modifying the API calls, it was established that data can be accessed without authentication; the only tokens involved are (here) of two kinds:
- Marks access POC
As you can see, there is no authentication other than the formal headers and an encrypted registration number. (Reversing the encryption was possible just by looking at the query file.)

In the same way, results can be accessed for a whole batch of registration numbers; in the exploit these are obtained through the vendor's chat API (another API of the same vendor's platform) and written into an Excel file.

All questions and their options are accessible by question id alone, regardless of whether the user is enrolled.
- Questions Sequence detail Access POC
- Question Access POC
- Option Access POC (and hence complete test paper is accessible)
Answers can be obtained by continuously tracking marks while changing the selected option, which reveals the correct option exactly. This also auto-attempts the paper for the given user, but that step can be skipped by using random registration numbers.

"Question navigation not allowed" is a tough cookie, since the answer cannot be modified after checking the result for the current registration number; using a temporary registration number (one registration per option fill and check) breaks this protection as well.
Commits responsible:
- e4ae17d
- ab57467
- 4ddd0de
Valid API authentication, instead of the mock access tokens currently used, would prevent all of these leaks.
- node-js
- git
- node-fetch (2.6.1) same version important
- prompt-sync (4.2.0)
- xlsx (0.18.5)
- uuid (9.0.0)
```
# Windows (winget)
$ winget install -e --id OpenJS.NodeJS
$ winget install -e --id Git.Git
$ git clone https://github.com/0x0is1/profanity.git
$ cd profanity
$ npm install
```

```
# Debian/Ubuntu (apt)
$ sudo apt-get install nodejs git -y
$ git clone https://github.com/0x0is1/profanity.git
$ cd profanity
$ npm install
```

```
# macOS (Homebrew)
$ brew install node git
$ git clone https://github.com/0x0is1/profanity.git
$ cd profanity
$ npm install
```
```
# for single result
## no authentication required
$ npm run result

# for whole section
## authentication required for whole-section registration number access
$ npm run export

# for questions
## no authentication required
$ npm run question

# for answers
## no authentication required
$ npm run answer

# for answers
## no authentication required
$ npm run answern
```
We do not promote any harmful usage of this exploit. This is just a proof of concept being proposed to the vendor. If the vendor has any objection regarding this repository, we will remove it. You may contact us through our mail.

We are a group of indie developers and testers working on open source. Your tiny help can boost us to provide more good work for everyone for free. Thank you.