Apparently, after the last year's breach of private and confidential marks data of students CISCE (Council For The Indian School Certificate Examinations, New Delhi) took certain protective measures to ensure no mass download of student data and to ensure the privacy for every student.
The following were the measures taken:
i) UID (Unique Identification): Each student is now given a unique ID instead of a sequential Index number for a group of students. So, now you cannot just add one to your Index number to see the result of the person who was sitting behind you in the examination.
ii) The CAPTCHA: As Indian websites are technically awesome with CAPTCHA, The Council gave us yet another example. You, apparently, need to enter the CAPTCHA each time you view a result.
Secure Enough? Bitch Please!
Cracking the Code:
The UID is a seven digit number! Of these the numbers of format 57xxxxx seem to work for the ICSE result. "So we can loop through each UID from 5700000 to 5800000 and download the results!" is what you are saying?
But the CAPTCHA!
Well guess what, you can simply send innumerable HTTP GET requests to the specific link with the same CAPTCHA. The GET request is sent to a URL of format:
http://www.cisce.org/Results/Result/ShowResult?courseCode=ICSE&uniqueId=<THE_UID_HERE>&captcha=<THE_CAPTCHA_CODE_HERE>&code=<THE_REQUEST_ID_HERE>
So, we visit http://www.cisce.org/Results to see a result, the genuine way. (You can be that honest, right?). View the page source and copy the RequestId. Now you have the RequestId and the CAPTCHA of 5 letters. Paste it at respective places in the link above with a valid UID and Bingo! The result is before you.
With that said you can simply automate the task to read the data of each and every student to you. But the UIDs are not sequential right? Okay, save the data in a database and sort by the specific school. Cool and simple enough.
For the proof hungry here is a proof of concept python script which saves the data of each student in HTML files for you.
The following were the measures taken:
i) UID (Unique Identification): Each student is now given a unique ID instead of a sequential Index number for a group of students. So, now you cannot just add one to your Index number to see the result of the person who was sitting behind you in the examination.
ii) The CAPTCHA: As Indian websites are technically awesome with CAPTCHA, The Council gave us yet another example. You, apparently, need to enter the CAPTCHA each time you view a result.
Secure Enough? Bitch Please!
Cracking the Code:
The UID is a seven digit number! Of these the numbers of format 57xxxxx seem to work for the ICSE result. "So we can loop through each UID from 5700000 to 5800000 and download the results!" is what you are saying?
But the CAPTCHA!
Well guess what, you can simply send innumerable HTTP GET requests to the specific link with the same CAPTCHA. The GET request is sent to a URL of format:
http://www.cisce.org/Results/Result/ShowResult?courseCode=ICSE&uniqueId=<THE_UID_HERE>&captcha=<THE_CAPTCHA_CODE_HERE>&code=<THE_REQUEST_ID_HERE>
So, we visit http://www.cisce.org/Results to see a result, the genuine way. (You can be that honest, right?). View the page source and copy the RequestId. Now you have the RequestId and the CAPTCHA of 5 letters. Paste it at respective places in the link above with a valid UID and Bingo! The result is before you.
With that said you can simply automate the task to read the data of each and every student to you. But the UIDs are not sequential right? Okay, save the data in a database and sort by the specific school. Cool and simple enough.
For the proof hungry here is a proof of concept python script which saves the data of each student in HTML files for you.
#! /usr/bin/env python # ICSEtroller.py # Author : Abdul Fatir import urllib2 startUID = 5700000 endUID = 5800000 HTTPopener = urllib2.build_opener() URL_1 = "http://www.cisce.org/Results/Result/ShowResult?courseCode=ICSE&uniqueId=" URL_2 = "&captcha=NPJGV&code=xCleI05nxKpy8Utv4okpig==" for i in range(startUID, endUID): HTTPresponse = HTTPopener.open(URL_1+str(i)+URL_2) received_data = HTTPresponse.read() _file = open(str(i)+".html","w") _file.write(received_data) _file.close()
