Radboud Students hack the TU Delft

Date of news: 6 July 2022

Three students from the local CTF-RU team - Baris Atik, Mark Fijneman, and Jonathan Jagt - took part in the HALON (Hack AL het Onderwijs Nederland!) event to hack the TU Delft https://www.surf.nl/en/agenda/join-halon-and-hack-a-university.

They won the prize for the Most Creative Verified Vulnerability, for client-side password hashing https://www.linkedin.com/posts/activity-6947862989454630912-a4wy/. They also found a local file inclusion that could be used to obtain credentials, and a reflected XSS in the search functionality of a WordPress website.