While the Congi IT Cell backed self-proclaimed 'hacker' is busy in faking some raw headers/requests/responses as 'hack', here I expose a real vulnerability & private data leak in the @INCIndia's Social Media Warriors Official Website http://incsmw.in !

[Thread] https://twitter.com/fs0c131y/status/1359573825579548674
We're all aware that @INCIndia has launched a mega campaign of recruiting "5 Lakh Social Media Warriors", lately.

The registrations are also on, at http://incsmw.in .

The registration form seeks info like Name, Address, Mobile No, Twitter/FB a/c handles, Email, etc.
But, is all that data you feed there, safe & secure? No.

Anyone can download the complete data of all such registered members. Take a look at a few screens.

Data leak of registered users from Bihar:
But, is all that data you feed there, safe & secure? No.Anyone can download the complete data of all such registered members. Take a look at a few screens.Data leak of registered users from Bihar:
But, is all that data you feed there, safe & secure? No.Anyone can download the complete data of all such registered members. Take a look at a few screens.Data leak of registered users from Bihar:
Some data leaks of registered users from WB:
Some data leaks of registered users from WB:
Some data leaks of registered users from WB:
In this manner, the personal data of all the users registered on their website is at risk.

The data can be downloaded by anyone, by simply tweaking a few queries on their website!
What next?

Their database also exposes many Congi IT Cell Members' sensitive details like Mobile Numbers, Passwords, VoterID details, etc.

They've the passwords stored in plain-text!🤦‍♂️

I tested the validity of a VoterID on ECI portal, and were found valid.

Check screens.
What next? Their database also exposes many Congi IT Cell Members' sensitive details like Mobile Numbers, Passwords, VoterID details, etc.They've the passwords stored in plain-text!I tested the validity of a VoterID on ECI portal, and were found valid.Check screens.
What next? Their database also exposes many Congi IT Cell Members' sensitive details like Mobile Numbers, Passwords, VoterID details, etc.They've the passwords stored in plain-text!I tested the validity of a VoterID on ECI portal, and were found valid.Check screens.
What next? Their database also exposes many Congi IT Cell Members' sensitive details like Mobile Numbers, Passwords, VoterID details, etc.They've the passwords stored in plain-text!I tested the validity of a VoterID on ECI portal, and were found valid.Check screens.
Some screens of accessing the "Admin section" of the http://incsmw.in  website!
Some screens of accessing the "Admin section" of the http://incsmw.in  website!
Some screens of accessing the "Admin section" of the http://incsmw.in  website!
Some screens of accessing the "Admin section" of the http://incsmw.in  website!
Some screens of accessing the "Admin section" of the http://incsmw.in  website!
Some screens of accessing the "Interviewer section" of the http://incsmw.in  website!
Some screens of accessing the "Interviewer section" of the http://incsmw.in  website!
Some screens of accessing the "Interviewer section" of the http://incsmw.in  website!
Some screens of accessing the "Interviewer section" of the http://incsmw.in  website!
Some screens of accessing the "Interviewer section" of the http://incsmw.in  website!
I appeal to @INCIndia to get their website, which currently leaks people's sensitive/private data, fixed; and not to blindly back some wannabe 'hacker' who shows raw GET/POST data & claims it to be an 'expose'!🤦‍♂️😅

[Thread Ends]
Cc: @memenist_ @TheRightster @RaowlGandhi
You can follow @rsgovin.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.