Security vulnerabilities

Attached to Project: Security vulnerabilities
Opened by monty099 - 28.04.2025
Last edited by nferrari - 28.04.2025

Summary:
The Academic Cloud system of the web application is vulnerable to a clickjacking attack that allows an attacker to trick a user into deleting students from their platform unknowingly.

On-click Delete any student from the Academic Cloud platform by accessing the deletion URL directly.

Steps to Reproduce:

1. Create an account or log into the Academic Cloud platform.

2. The deletion URL looks like:
https://admin.alwaysdata.com/academic/release/{student_id}

3. Create an HTML proof-of-concept file with the following content:

<a href="https://admin.alwaysdata.com/academic/release/{student_id}">click</a>

4. Host this HTML page or send it via a link to the victim.

5. Once the victim clicks on the disguised link, the student is deleted from the Academic Cloud platform without their knowledge or consent.

An attacker can exploit this vulnerability by sending a direct link to the target (administrator or teacher) who has access to manage student accounts.

###POC: https://admin.alwaysdata.com/support/86502/

Impact:
The exploit enables unauthorized deletion of students from the Academic Cloud platform. This can lead to the loss of critical student data and disrupt academic processes, potentially damaging data integrity and undermining the platform’s security.