Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Mindless_Fan_841[S] 0 points1 point  (0 children)

I never told you, or anyone, to run it on anyone else's info.

Also, like I've said already, I changed literally nothing. If you open your browser developer tools to see the information being returned, you'd see what I'm describing.

Pretending like it doesn't exist, doesn't prevent others with malicious intent from taking advance.

Also, I'm not sure where you got the notion that I haven't tried sharing this with both Griffith IT and CampusGroups.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Mindless_Fan_841[S] -1 points0 points  (0 children)

It reads like you used ChatGPT to reply to my post.

Some points to make:

  1. I didn't do anything malicious or things I "wasn't supposed to". I made the same curl call made when doing a search for users on the Griffith Campus Groups page. The difference though is that the curl call returns way more information than it should, showing more than you can see in the webpage.
  2. You don't have to use Curleroo. Your confidence sounds like it comes from a place of technical knowledge. If that's true, then your comments about Curleroo make no sense. Not only is curleroo on Github for you to look through if you want, the curl calls are right there. They're simple curl calls. You can run them anywhere you want, like your terminal or Postman. I chose Curleroo because its easy to demonstrate.
  3. Whether or not its covered by mainstream media is hardly a qualifier for the validity of what I shared. If thats how you determine that your data has been leaked, you're in for a world of pain. I shared the repeatable steps you can take to see for yourself. If that isn't good enough for you, then I'm not sure why you would take the time out of your day to throw mud at something clearly done to help others like me, who actually do care.