
A Python script that brute-forces and resets the passwords for NLearn accounts


NLearn Vulnerability

A security flaw in NLearn allows anyone to reset the password for any account and compromise it.

Disclaimer

This tool is made for educational purposes only! The author will not be responsible for any misuse of this code!

Installation

Use the GitHub CLI or Git-SCM to clone this repo.

git clone https://github.com/Sspirax/NLearn-Vulnerability.git

Usage

python run.py

Enter the admission number along with the new password for that account.

Output

After the program finishes executing, you can log in here with the admission number and the new password you set.


You can successfully log in with the new password that you set.


The user's profile page has private information like their Address, Date of Birth, Phone Number, etc.


Vulnerability

NLearn has a forgot password feature that allows you to reset your password by sending an OTP to your registered mobile number.

The website uses a four-digit code and has no captcha or rate limit, so anyone can brute-force the code and change the password without having access to the code.

This script uses the vulnerability and sends the required requests before brute-forcing the OTP and changing the password.
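A server-side mitigation for the flaw described above, as an added example that is not part of this repository or NLearn's code: a reset-code store that caps wrong guesses per code, expires codes, makes them single-use and throttles re-issuing. The class name, the limits and the in-memory storage are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

# All names and limits below are assumptions for this sketch, not NLearn's values.
OTP_DIGITS = 6         # the page describes a four-digit code (10,000 values)
MAX_ATTEMPTS = 5       # wrong guesses tolerated per issued code
OTP_TTL = 300          # seconds a code stays valid
ISSUE_COOLDOWN = 60    # seconds between codes, so re-requesting cannot reset the counter


class ResetCodeStore:
    """In-memory store of pending reset codes, keyed by account identifier."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}      # account -> [code, expires_at, failed_attempts]
        self._last_issue = {}   # account -> time the last code was issued

    def issue(self, account):
        """Return a new code to send out-of-band, or None while cooling down."""
        now = self._clock()
        last = self._last_issue.get(account)
        if last is not None and now - last < ISSUE_COOLDOWN:
            return None
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[account] = [code, now + OTP_TTL, 0]
        self._last_issue[account] = now
        return code

    def verify(self, account, guess):
        """Return 'ok', 'invalid', 'locked', 'expired' or 'no_code'."""
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"     # even the correct code is refused from here on
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._pending[account]   # single use
            return "ok"
        entry[2] = failed + 1
        return "invalid"
```

With these limits a caller gets at most five guesses against a million possible values per issued code, and cannot obtain a fresh code (and a fresh counter) more than once a minute.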

I tried to find NSpira's Bug Bounty/Security E-Mail Address to report this vulnerability but I was unable to find any. So I sent the code along with the description to info@nspira.in but I never heard back.


License

Copyright (C) Adith. See LICENSE for more information.