Ah... student competitions... that brings up memories...
When I was 15 or so, I took part in a tech competition for under 19 year olds. I designed and programmed a website for "grading" your teachers, complete with an admin interface for generating anonymous 1 time use codes for students. The goal was to make it easy for schools to allow students to provide anonymous, private feedback to their teachers.
I didn't win (there were a lot of other submissions that were pretty amazing, so no hard feelings about that).
But a few months later, someone tipped me off about a public teacher grading website. It looked very similar to my website, it was the same design, just with different colors. I couldn't believe it, but digging into it I found out that one of the people running this website was a jury member in the tech competition.
Because they were shoddy coders and didn't properly quote user input on HTML pages, I used a simple script injection attack to show a Java script alert on one of the pages.
Their website went nowhere (turns out that allowing students to publically grade their teachers is not going to be used for constructive feedback...)
But I was quite disillusioned how the jury of this competition cared so little about the contributions, they apparently just saw them as free ideas.
When I was 15 or so, I took part in a tech competition for under 19 year olds. I designed and programmed a website for "grading" your teachers, complete with an admin interface for generating anonymous 1 time use codes for students. The goal was to make it easy for schools to allow students to provide anonymous, private feedback to their teachers.
I didn't win (there were a lot of other submissions that were pretty amazing, so no hard feelings about that).
But a few months later, someone tipped me off about a public teacher grading website. It looked very similar to my website, it was the same design, just with different colors. I couldn't believe it, but digging into it I found out that one of the people running this website was a jury member in the tech competition.
Because they were shoddy coders and didn't properly quote user input on HTML pages, I used a simple script injection attack to show a Java script alert on one of the pages.
Their website went nowhere (turns out that allowing students to publically grade their teachers is not going to be used for constructive feedback...)
But I was quite disillusioned how the jury of this competition cared so little about the contributions, they apparently just saw them as free ideas.