How I hacked into Delhi University Admin Dashboard: A case study
Summary
On discovering Shodan, a search engine for open sources and database vulnerabilities, conditioner 2022 decided to see what he could find.
Using the search term “ssl:du.ac.in”, he discovered the domain for Delhi University and a device named “Unibox Administration”, the user guide for which included default login credentials.
Using the default “admin” username and password, conditioner was able to access the full admin account for the University’s network access controller and hotspot gateway, Unibox.
From there, the hacker found that he could view the email addresses of 66,000 students, as well as 420 administrative email addresses.
conditioner also noted that he could have changed admin passwords, carried out port forwarding, and used other functions.