Feb 21, 2024 · Information Security

Student Information Leakage via Unauthenticated API in a University System

The article details a security case where an unauthenticated university API allowed an attacker to enumerate and download thousands of students' personal data by manipulating pagination parameters after discovering default credentials from a leaked PDF.

API enumerationStudent Datadata leakage

0 likes · 7 min read

Student Information Leakage via Unauthenticated API in a University System

Top Architect

Jan 19, 2022 · Information Security

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App

This article details a step‑by‑step penetration testing process where the author captures network traffic from a mobile app, enumerates hidden API endpoints, exploits injection flaws to retrieve backend credentials, examines upload validation, and ultimately gains admin access while highlighting the challenges faced.

API enumerationSQL injectionmobile app security

0 likes · 7 min read

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App