18

This is the Result Declaration form of our university. It's all good, but there is one thing (bug) in this form: you only need to fill the reCAPTCHA once and you can use that same reCAPTCHA to extract as many results as you want. Though not a security issue, we can extract results of many students as roll numbers are sequential; we just need a bot to fill in the roll number and click the button. The only use would be to conduct surveys on results, but a bug is a bug.

Comments
  • 1
    @F1973 FCRIT, Vashi. And I live in CBD Belapur
  • 1
    Do they save the captcha result in localStorage or the session cookie and avoid checking again? I also think having sequential numbers for student IDs is not a good idea. IDs should be random unique values in my opinion. But if this is sort of essential, then they can add an extra form input like last name or DOB or even a secure PIN digit for each student.
  • 0
    @some-dev They have this extra input system for declaring 10th and 12th results. I think they don't care about anyone seeing anyone's result; the worst that can happen is a DDoS attack
  • 1
    This website is so shitty. If a lot of people log in at the same time it'll get DDoS'd.
  • 0
    @epictern It's a government rule that all college websites must be shitty
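
An added example, not part of the original post or comments and not the university site's code: the behaviour the post describes, modelled as a CAPTCHA outcome cached in the session (the guess raised in the comments), next to a handler that verifies a fresh token on every lookup and also requires a per-student field such as DOB. `FakeCaptchaProvider`, `RESULTS` and both function names are hypothetical, and the records are constructed sample data.

```python
import hmac
import secrets

class FakeCaptchaProvider:
    """Offline stand-in for a CAPTCHA verification service (constructed)."""
    def __init__(self):
        self._valid = set()

    def issue(self):
        token = secrets.token_urlsafe(16)
        self._valid.add(token)
        return token

    def verify(self, token):
        # Single use: the first successful verification consumes the token.
        if token in self._valid:
            self._valid.discard(token)
            return True
        return False

# Constructed sample records keyed by sequential roll number.
RESULTS = {
    "1001": {"dob": "2001-04-12", "grade": "A"},
    "1002": {"dob": "2002-09-30", "grade": "B"},
}

def lookup_flawed(session, provider, roll, token=None):
    """Assumed flawed pattern: one solved CAPTCHA unlocks the whole session."""
    if not session.get("captcha_ok"):
        if not provider.verify(token):
            return None
        session["captcha_ok"] = True  # never reset, so later lookups skip the check
    record = RESULTS.get(roll)
    return record["grade"] if record else None

def lookup_hardened(provider, roll, dob, token):
    """Fresh token per lookup, plus a second field only the student should know."""
    if not token or not provider.verify(token):
        return None
    record = RESULTS.get(roll)
    if record is None:
        return None
    # Constant-time comparison of the supplied DOB with the stored one.
    if not hmac.compare_digest(record["dob"].encode(), dob.encode()):
        return None
    return record["grade"]
```

In the hardened handler a replayed token or a wrong DOB returns nothing, so walking sequential roll numbers costs one solved CAPTCHA and one correct DOB per record.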