Two serious flaws in the Hackers do Bem program were reported and fixed last week: the first exposed the competition rankings among students, while the second allowed student registration data to be modified.

According to George Luiz de Freitas Souza, a cybersecurity student in the Hackers do Bem program, in a report to CISO Advisor, the flaws were reported to the program's managers and have already been fixed.

The first flaw revealed competition rankings among students that “were not supposed to be publicly available and were accessible due to a bug in the Hackers do Bem website code.”

The second flaw “allowed an attacker to change the CPF and email linked to student accounts. This loophole could allow access to user accounts, which could lead to actions such as deleting and modifying profiles, manipulating ranking positions, and fraudulently issuing certificates of completion of course milestones.”

In a statement on the tool, Souza claims that the discoveries were made during analysis of the portal code; for example, by searching directories (Forced Crawl/Directory Traversal), it was possible to view the full ranking data, including other participants’ data.

Finally, the second flaw even allowed the creation of course certificates for third parties. As previously mentioned, the errors were corrected after contact from the student.

Source: Tec Mundo
