Analysis of Vulnerabilities in College Web-Based System

Abstract

Web-based systems are used extensively in Korea because web standards have been adapted by the law (e.g., Electronic Government Act). Users can easily access web-based systems if they are connected to the Internet. However, distinguishing between malicious and benign access is very difficult and many potential vulnerabilities exist. In this study, we attempt to leak the information of other users without permission using a non-encrypted API and web source code analysis in a college web-based system. An experiment demonstrates that the information (e.g., other students’ course grades) can be leaked and abnormal data can be embedded in the request. In addition, we discuss methods for preventing such vulnerability attacks.