vaibhavpandeyvpz / dtp-exploit-poc

Simple and single purpose PoC app built using React Native to demonstrate PII leak vulnerability in Delhi Traffic Police's notice payment website.

Home Page: https://delhitrafficpolice.nic.in/notice/pay-notice/


dtp-exploit-poc

To test on your phone, download Expo Go (Android / iOS) and scan the QR code on https://expo.io/@vaibhavpandeyvpz/dtp-exploit-poc using your phone camera to run it.

Potential derivatives can also be used to create lookup tables by generating random vehicle numbers in acceptable ranges for each RTO. I have tried to report this several times over almost a year at various email address(es), but no one has fixed it yet.

Please fix this immediately by simply masking the mobile number on the server side instead of doing it on the client side. This has been exploited in the wild since forever to harass people.
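
The server-side masking fix requested above, as an added example (not code from this repository or from the affected site). The record fields, the sample data and the helper names `maskMobile`, `toPublicNotice` and `leaksRawValue` are hypothetical.

```javascript
// Added example: all names and fields below are hypothetical.

// Mask all but the last `visible` digits. This must run on the server,
// so the full number never appears in any response body.
function maskMobile(mobile, visible = 2) {
  const digits = String(mobile ?? '').replace(/\D/g, '');
  if (digits.length <= visible) return '*'.repeat(digits.length);
  return '*'.repeat(digits.length - visible) + digits.slice(-visible);
}

// Allow-list serializer: only fields named here can reach the client,
// so a new database column is never exposed by accident.
const PUBLIC_FIELDS = {
  noticeNo: (r) => r.noticeNo,
  vehicleNo: (r) => r.vehicleNo,
  amount: (r) => r.amount,
  mobile: (r) => maskMobile(r.mobile),
};

function toPublicNotice(record) {
  const out = {};
  for (const [key, pick] of Object.entries(PUBLIC_FIELDS)) out[key] = pick(record);
  return out;
}

// Regression check: true if any raw sensitive value survives in the body.
function leaksRawValue(record, body, sensitiveKeys = ['mobile', 'ownerName', 'address']) {
  return sensitiveKeys.some((k) => {
    const v = record[k];
    return typeof v === 'string' && v.length > 0 && body.includes(v);
  });
}

// Constructed sample record (not real data).
const sampleRecord = {
  noticeNo: 'N-0001',
  vehicleNo: 'XX00XX0000',
  amount: 500,
  mobile: '9000000123',
  ownerName: 'Sample Owner',
  address: '1 Example Street',
};

// Client-side masking ships the raw record; server-side masking does not.
const vulnerableBody = JSON.stringify(sampleRecord);
const hardenedBody = JSON.stringify(toPublicNotice(sampleRecord));

console.log('raw record leaks:', leaksRawValue(sampleRecord, vulnerableBody));
console.log('masked response leaks:', leaksRawValue(sampleRecord, hardenedBody));
console.log(hardenedBody);
```

Running `leaksRawValue` against real response bodies in an integration test catches a regression where masking moves back into the front end.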


EDIT: (20121/06/02) This is thankfully patched now.



Languages

Language: JavaScript 100.0%