ribitch
08-15-2002, 05:13 PM
Our university uses this godawful ugly ass system to register for classes. I found out that the system is actually made by an outside company, and they actually PAID for the POS.
It clearly looks like it was made with FrontPage. It has all the FrontPage buttons and everything!
Well, anyways, I found 2 major security holes in it this week!! The first will display your username and password on the display in an unencrypted form!!! So being the nice person I am, I emailed the webmaster and walked him through the process. It worked for him. I wasn't even trying to hack the page. I was just trying to display my account.
The second flaw was found when I was checking to see if they fixed the first flaw. I found that a password exists to access all accounts. This allows you to log in and change things like that account's registered classes, the mailing address, their access code. You can also see their academic history, class listing, and financial history.
I will not give any of this information out, because it can cause a decent amount of damage. The manufacturer has also been notified. I am just curious if anyone uses this system besides my school.