Dan Bugglin needed to find a course to fill three hours of general elective study. As fun as Masterpieces of Inner City Scandinavian Drama sounded, he thought he'd be better off with something a bit more closely related to his major, and signed up for Applications of Security and Cryptography.

The course sounded like it'd be pretty fun. Dan and his fellow students would learn the different models of security for real-time, business, and other applications, and also about the different types of cryptography and encryption for sensitive data. The professor even built a course website with a message board to help students collaborate on various projects. Unfortunately, Dan realized far too late that the instructor was actually a visiting professor from WTFU.

When Dan went to create a student account on the professor's message board system, it crashed with a rather strange error:

error writing to datafile "data/passwords.txt":
separator count mismatch

On a hunch, Dan entered in "data/passwords.txt" at the end of the message board's web address and was presented with a caret-delimited file of student id's, access levels, names, and passwords. Dan tried again, this time without using the "^" symbol in his password. He now had an account.

He thought he'd take a look at the passwords file again to see if his name was added. It was, though his password was different than what he had entered in: it was encrypted! Well, that's not too bad -- just because one has the encrypted value, doesn't mean he can crack it. Dan stared at the passwords for a few seconds and thought the scheme looked awfully familiar. It wasn't DES ... or SHA ... or MD5 ... or RSA ... it was ... ROT13? He took a moment to appreciate the irony of a cryptography professor using a substitution cipher for a cryptography class and explored the security/cryptography website a bit further.

Dan noticed that the professor didn't use cookies or session tokens to handle whether the user was "logged in" or not. Rather, he used an html form with hidden input fields and lots of submit buttons:

<form method="post">
  <input type="hidden" name="username" value="dbugglin">
  <input type="hidden" name="access" value="student"> 
  ... snip ...

As expected, with a bit of Javascript, Dan changed the "username" field and could now see his classmate's student data. That was the last straw; it was time to drop the course. Dan went back to see if Masterpieces of Inner City Scandinavian Drama was still open.

But then, all of a sudden, Dan changed his mind again. It all made perfect sense. Think about it. It was the perfect Final Assignment. Find holes in the course website. Could there be a better treat for security-minded students? Dan was once again excited to be in the class.

Unfortunately, the Final Assignment never came. It turns out that the website was actually a practical application of the visiting professor's knowledge of the subject. And that is how Dan came to regret not taking Masterpieces of Inner City Scandinavian Drama.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!