
NDSEG 2019-2020


SFS


Just now, ohmyyyy said:

Doing some minor hacking. It looks like this is what those awarded will have shown. They already have all the appropriate elements in the HTML, but commented out. I'm guessing you only get access to those pages "/Fellow/PostAwardDashboard.aspx" if you've actually been awarded, which is totally a backend thing

[image]

I've looked at this too. At least for me going to that URL just redirects to the login page. I think it's likely that there's no "hidden information" in Sysplus' system, they literally just don't have the info from the DoD, so they wouldn't really have anything to hide. 


Just now, NanosecondsR4Ever said:


The website is absolutely not secure. I submitted my app before I realized that some of my files weren't in pdf format, but I was able to resubmit by changing some booleans and making some custom buttons. In fact, the server actually accepted those updated files, which have persisted. Also, 12/23 update for those interested


Just now, hopefulstudent1997 said:

I've looked at this too. At least for me going to that URL just redirects to the login page. I think it's likely that there's no "hidden information" in Sysplus' system, they literally just don't have the info from the DoD, so they wouldn't really have anything to hide. 

For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something

 

[image]

 


 

4 minutes ago, ohmyyyy said:

The website is absolutely not secure. I submitted my app before I realized that some of my files weren't in pdf format, but I was able to resubmit by changing some booleans and making some custom buttons. In fact, the server actually accepted those updated files, which have persisted. Also, 12/23 update for those interested

Meanwhile I thought I was clever for trying to change the awardee list tab html address to /FY2020 from /FY2019. #knowsnothingaboutcomputers

Edited by somethingsimple

Just now, ohmyyyy said:

For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something

 

[image]

 

It looks like they were so lazy that they just put the access menus for all possible users on a single page, and just commented out the unneeded parts depending on what type of user you are


2 minutes ago, ohmyyyy said:

For those interested, it does look like panelists have access to the website lmfao, so the dates likely mean something

 

[image]

 

Ahh damn. Well ~December Gang~ is together til the end, which I suppose was back in December for us. 


Just now, somethingsimple said:

Can a computer science person break this down into English for those of us who know nothing about coding/hacking/scripts?

See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date.


Just now, ohmyyyy said:

See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date.

How did we just learn this now and not the last half month of speculation lol?


1 minute ago, ohmyyyy said:

See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date.

Now can you reexplain this like for a 5 year old? I almost got it


Just now, Eman2 said:

How did we just learn this now and not the last half month of speculation lol?

The kind answer is anyone with an ounce of cybersecurity knowledge would look at the website and say "you're literally revealing information about directory structure to an outside attacker if they just glance at the HTML"

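As an added illustration of the pattern discussed in the posts above (not code from the portal or from any poster): a Python audit that flags links left inside HTML comments, run against the "all menus on one page, others commented out" rendering and against a corrected rendering that emits only the caller's own menu. The two `.aspx` paths under `fellow` and `agency` are the ones quoted in the thread; the role names, the applicant path and all function names are hypothetical.

```python
from html.parser import HTMLParser

class Collector(HTMLParser):
    """Records comment bodies and anchor hrefs seen while parsing."""
    def __init__(self):
        super().__init__()
        self.comments, self.hrefs = [], []

    def handle_comment(self, data):
        self.comments.append(data)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def parse(markup):
    c = Collector()
    c.feed(markup)
    c.close()
    return c

def commented_out_links(page_html):
    """Return every href that sits inside an HTML comment on the page."""
    links = []
    for comment in parse(page_html).comments:
        links += parse(comment).hrefs  # re-parse the comment body as markup
    return links

# Constructed menu table. The Fellow and admin paths are the two quoted in
# the thread; the applicant path and the role names are hypothetical.
MENUS = {
    "applicant": [("/Applicant/Example.aspx", "My application")],
    "fellow": [("/Fellow/PostAwardDashboard.aspx", "Post-award dashboard")],
    "agency": [("/admin/ApplicationRanking.aspx", "Application ranking")],
}

def _items(role):
    return "".join(f'<li><a href="{h}">{t}</a></li>' for h, t in MENUS[role])

def render_commented(role):
    """Pattern described in the thread: every menu shipped, others commented out."""
    parts = []
    for r in MENUS:
        block = f"<ul>{_items(r)}</ul>"
        parts.append(block if r == role else f"<!-- {block} -->")
    return "\n".join(parts)

def render_for_role(role):
    """Corrected form: only the caller's own menu is ever emitted."""
    return f"<ul>{_items(role)}</ul>"

if __name__ == "__main__":
    print(commented_out_links(render_commented("applicant")))
    print(commented_out_links(render_for_role("applicant")))
```

The audit only covers what the markup discloses; access control still has to be enforced on each target page.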

Just now, GIIC said:

Now can you reexplain this like for a 5 year old? I almost got it

I think the fact that this code was on the webpage implies that there is a version of this webpage that is different if you have access to the DoD page, which makes it seem like they used this portal to rank the applications


Just now, Eman2 said:

I think the fact that this code was on the webpage implies that there is a version of this webpage that is different if you have access to the DoD page, which makes it seem like they used this portal to rank the applications

Exactly right. And what better way to store ranks/evaluations than to "update" your record


So for what it's worth, I've been on Rob's end of doing something like this for a set of competitive HS summer programs. (The application is literally like a college app). 

Reviewers, recommenders and applicants have access to the same webpage, but get assigned different permissions which changes what they see. We also have 3 stages of reviews before results. >GPA/Test Scores etc etc. > selection committee ranking > final selections > results are out. 

Because different people along the process have different permissions, the applicant's last update date does change as they are moved from one bucket to the next so that their info can be seen by the person in the next stage. But dates change a lot and multiple times between one stage and the next because sometimes if we want to try out new layouts or change the interface for a specific category of user we'll go in and assume their "role" which also changes the date for last update.... sometimes a lot if we want to mock going through all the ways a user can interact with the page. All ranking, commenting on apps, and evals happens in the same portal. 

The last stage before the results come out is the tricky one because we basically have the rosters ready and made but are waiting for the official release from the University to go live. My guess is that this is where we're at right now. 

 

Edited by 3st3rb

In other news, I added a page to my website to commemorate the December Gang. https://www.andrewjin.com/december-gang

Join the December Gang Email List!
Form: https://docs.google.com/forms/d/1-Ed6oU9sJJS6IBzfJjrT7xscD6hAh9fO6s1BhRtTXOY/edit#responses

Responses (Request Access to Protect Emails) https://docs.google.com/spreadsheets/d/1zKWURsJSQHNsJ2ckWMs_ehpwo6Ucp20AiUCYaz5eDGI/edit?usp=sharing

I'm manually adding people so give me a couple minutes to add you if you request!

 

Just now, Physicsisphysics said:

Would it be possible to see your scores/rankings by editing the HTML or no?

I don't think so. The dropdown menus are just links to those other parts of the website. We can't actually access them

