I attempted on national competition in an IT field, where there were tens of great projects (in other fields as well, like chemistry and so..). We had to push everything to their portal, so they can study it in advance. While pushing the docs, I found that there were SQL injections that allowed me to list everyone's rating and to download every single doc / additional sources.
Worst part is, that even after I reported vulnerability, they obviously didn't had time to fix it.