Learn More
Resend Email
3
human
7y

I created a custom interface for an LMS that allows students to see their marks even if they haven't been 'shared' yet by their teachers. This is all done without accessing any unauthorized apis, as the LMS always returns all student marks and then hides the ones with a False 'shared' key. School administration caught me, so I've now shut it down. I have a meeting with the deans tomorrow. Any advice? (Again, this is all done using existing methods found within this LMS)

undefined

lms

caught

exploit

school
Favorite
Ranter
Comments
  • 1
    7y
    Play it down, you only thought you were using "available" interactions and not trying to "exploit" anything. Making something convenient, use that you masked then stopped it as part of the defense to back that.
  • 1
    7y
    Under no circumstances should you do what I did and tell them to secure their shit better
  • 1
    7y
    @Devintrix haha
  • 0
    7y
    "School administration caught me" - well I'd say you caught them. Just don't tell them that. You should've emailed them about there bad architecture instead of making a cool ui if you did not want the possibility of trouble...
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment