hopefulstudent1997 Posted April 15, 2020 Posted April 15, 2020 Just now, ohmyyyy said: Doing some minor hacking. It looks like this is what those awarded will have shown. They already have all the appropriate elements in the HTML, but commented out. I'm guessing you only get access to those pages "/Fellow/PostAwardDashboard.aspx" if you've actually been awarded, which is totally a backend thing I've looked at this too. At least for me going to that URL just redirects to the login page. I think it's likely that there's no "hidden information" in Sysplus' system, they literally just don't have the info from the DoD, so they wouldn't really have anything to hide.
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, NanosecondsR4Ever said: The website is absolutely not secure. I submitted my app before I realized that some of my files weren't in pdf format, but I was able to resubmit by changing some booleans and making some custom buttons. In fact, the server actually accepted those updated files, which have persisted. Also, 12/23 update for those interested
Nutellaoatmeal Posted April 15, 2020 Posted April 15, 2020 Still with ~DecemberGang~ over here, 12/6 and ONR! Tbh would not be surprised if Sysplus also misses the 7:00PM EST release time estimate
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, hopefulstudent1997 said: I've looked at this too. At least for me going to that URL just redirects to the login page. I think it's likely that there's no "hidden information" in Sysplus' system, they literally just don't have the info from the DoD, so they wouldn't really have anything to hide. For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something hopefulstudent1997 1
somethingsimple Posted April 15, 2020 Posted April 15, 2020 (edited) 4 minutes ago, ohmyyyy said: The website is absolutely not secure. I submitted my app before I realized that some of my files weren't in pdf format, but I was able to resubmit by changing some booleans and making some custom buttons. In fact, the server actually accepted those updated files, which have persisted. Also, 12/23 update for those interested Meanwhile I thought I was clever for trying to change the awardee list tab html address to /FY2020 from /FY2019. #knowsnothingaboutcomputers Edited April 15, 2020 by somethingsimple
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, ohmyyyy said: For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something It looks like they were so lazy that they just put the access menus for all possible users on a single page, and just commented out the unneeded parts depending on what type of user you are
somethingsimple Posted April 15, 2020 Posted April 15, 2020 Can a computer science person break this down into English for those of us who know nothing about coding/hacking/scripts? ksanchez96 and GIIC 1 1
vpaglioni3 Posted April 15, 2020 Posted April 15, 2020 2 minutes ago, ohmyyyy said: For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something Ahh damn. Well ~December Gang~ is together til the end, which I suppose was back in December for us.
GIIC Posted April 15, 2020 Posted April 15, 2020 Haha yes please translate! I’m sitting here trying to convince myself this totally makes sense and I’m lost
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, somethingsimple said: Can a computer science person break this down into English for those of us who know nothing about coding/hacking/scripts? See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date. hopefulstudent1997 1
Eman2 Posted April 15, 2020 Posted April 15, 2020 Just now, ohmyyyy said: See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date. How did we just learn this now and not the last half month of speculation lol?
GIIC Posted April 15, 2020 Posted April 15, 2020 1 minute ago, ohmyyyy said: See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date. Now can you reexplain this like for a 5 year old? I almost got it
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, Eman2 said: How did we just learn this now and not the last half month of speculation lol? The kind answer is anyone with an ounce of cybersecurity knowledge would look at the website and say "you're literally revealing information about directory structure to an outside attacker if they just glance at the HTML"
Eman2 Posted April 15, 2020 Posted April 15, 2020 Just now, GIIC said: Now can you reexplain this like for a 5 year old? I almost got it I think the fact that this code was on the webpage implies that there is a version of this webpage that is different if you are have access to the dod page which makes it seem like they used this portal to rank the applications GIIC 1
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, Eman2 said: I think the fact that this code was on the webpage implies that there is a version of this webpage that is different if you are have access to the dod page which makes it seem like they used this portal to rank the applications Exactly right. And what better way to store ranks/evaluations than to "update" your record
OhTheStress Posted April 15, 2020 Posted April 15, 2020 Just now, ohmyyyy said: Exactly right. And what better way to store ranks/evaluations than to "update" your record I'm not sure whether to find this comforting or additionally stressful right now.
Physicsisphysics Posted April 15, 2020 Posted April 15, 2020 Would it be possible to see your scores/rankings by editing the HTML or no?
3st3rb Posted April 15, 2020 Posted April 15, 2020 (edited) So for what it's worth, I've been on Rob's end of doing something like this for a set of competitive HS summer programs. (The application is literally like a college app). Reviewers, recommenders and applicants have access to the same webpage, but get assigned different permissions which changes what they see. We also have 3 stages of reviews before results. >GPA/Test Scores etc etc. > selection committee ranking > final selections > results are out. Because different people along the process have different permissions, the applicant's last update date does change as they are moved from one bucket to the next so that their info can be seen by the person in the next stage. But dates change a lot and multiple times between one stage and the next because sometimes if we want to try out new layouts or change the interface for a specific category of user we'll go in and assume their "role" which also changes the date for last update.... sometimes a lot if we want to mock going through all the ways a user can interact with the page. All ranking, commenting on apps, and evals happens in the same portal. The last stage before the results come out is the tricky one because we basically have the rosters ready and made but are waiting for the official release from the University to go live. My guess is that this is where we're at right now. Edited April 15, 2020 by 3st3rb alcoholistic 1
alcoholistic Posted April 15, 2020 Posted April 15, 2020 In other news, I added a page to my website to commemorate the December Gang. https://www.andrewjin.com/december-gang Join the December Gang Email List! Form: https://docs.google.com/forms/d/1-Ed6oU9sJJS6IBzfJjrT7xscD6hAh9fO6s1BhRtTXOY/edit#responses Responses (Request Access to Protect Emails) https://docs.google.com/spreadsheets/d/1zKWURsJSQHNsJ2ckWMs_ehpwo6Ucp20AiUCYaz5eDGI/edit?usp=sharing I'm manually adding people so give me a couple minutes to add you if you request! somethingsimple 1
vpaglioni3 Posted April 15, 2020 Posted April 15, 2020 Just now, ScienceGeek said: T-minus 1 hour! Ladies, gentlemen... it’s been an honor waiting with you. OhTheStress 1
ohmyyyy Posted April 15, 2020 Posted April 15, 2020 Just now, Physicsisphysics said: Would it be possible to see your scores/rankings by editing the HTML or no? I don't think so. The dropdown menus are just links to those other parts of the website. We can't actually access them
OhTheStress Posted April 15, 2020 Posted April 15, 2020 Just now, ohmyyyy said: I don't think so. The dropdown menus are just links to those other parts of the website. We can't actually access them Pretty sure SysPlus would frown on us actually editing their website.
h2hoe Posted April 15, 2020 Posted April 15, 2020 Do we think they'll actually give results within the hour?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now