XSS vulnerability at my school PLUS open wifi

mkrohn

So yeah, for a couple of semesters now I've been trying to tell the school that they have content loading from non-secure servers. The school is basically using the classic encrypt while logging in, then it's NOT secure.

Absolutely every form of private information is loading on unencrypted pages. Pair this stupidity with unencrypted wifi and you can gain access to basically everybody in every single class.

I have not actually used the vulnerability but I need to demonstrate it to them very specifically. I already know how to fix it but these people are seriously stupid who run their IT department.

Now for my questions. How do I demonstrate this? Willing abductee?

I want to show them how this is done and how to fix it but I don't want to get in trouble while doing so. Do I bother explaining it in great detail or just shame them online and in the local press? My associates with them is done now and they haven't done anything to help me find an internship. Should I go for making a name or just go for getting a job with them? It's like 5 minutes from my house...
 
I know you're probably itching to exploit it in some spectacular way to demonstrate the seriousness of security to them.
Don't do it though, just document the vulnerability in a formal letter to the school, attach any faulty user-visible html markup/javascript, how to reproduce and fix this.
Try to avoid admitting you actually used/tested it, even for fun. Just remind them that the students' and staff personal info is protected by law, cite the proper article and that's it.
Don't brag, don't belittle or shame them because you don't want them accusing you of anything.
Even if you know you're in the right you can still suffer unnecessary stress and expenses if they overreact.
Congrats on your fruitful hacking.
 
Also, for the vulnerability itself, were you able to load form data from someone other than yourself? Because, if the logging in is solid and they have some way to set and enforce access rules to people's data to specific people then it's not that horrible.

Edit: actually yeah it's quite horrible with open wifi.
 
Yes, the purpose of this thread was to make sure that I don't get expelled right before I get my associates, and I still have some classes to take with them for my bachelor's degree.

In case anybody is wondering I have not in any way used this exploit more than theoretical and investigating the level of MY OWN information being put out there.

While a single "vulnerability" alone is fairly harmless, the fact that a wide open wifi is being used in conjunction with easily accessible and unencrypted information is troubling.
 
Yup, needs more work especially if the stored info goes beyond name, some internal id and maybe class selections or grades.
Just explain as simply and politely as you can that there may be a problem. In writing.
Especially if you already told someone about your observations.
 
It appears it is literally a complete takeover from class registration to personal information to school email to actually submitting homework assignments as them.

FAFSA-specific student loan information, like, not even joking, EVERYTHING is wide open. Transcripts, the works. Shouldn't be specifically SSN but basically everything but.
 
or just have a lawyer send a letter threatening to sue because your information is vulnerable, that would probably get it fixed pretty quick
 
Best idea yet, keeps your DIRECT involvement out of it and gives the school an incentive to remediate the issue. Next question, is this commercial software or an in-house developed piece?
 