A student at QOU finds gaps in Pentagon website

Published on: 23-08-2017

 

A student at the Jenin Branch of Al-Quds Open University was able to detect a gap on the website of the Pentagon. Amjad Nayef Mahmoud Kabaha, a student at the Faculty of Technology and Applied Sciences, submitted a report to the HackerOne platform about a sensitive CSRF vulnerability in the ministry's website.

The student has discovered about 48 gaps in prominent international sites. Among the most famous of these sites are (WESTERN UNION), (GOOGLE), (MASTER CARD), (DELL International), (NETGEAR) and others.

Kabaha added: "What I found is a sensitive gap that enables hackers to send (forms) that contain confirmation of the password, and once the officer of the ministry clicks on the confirmation, the password is accepted to log into the account. After contacting the Pentagon, they acknowledged the gap, and then the gap was fixed. They put my name on the ministry's honor list as a person who contributed to the protection of this site from pirates."

Kabaha also mentioned that he is currently working on the development of special tools to protect the sites from penetration, explaining that he discovered gaps in (Facebook) and he will go through the legal procedures to inform the management of (Facebook) about this gap to protect users from the risk of being hacked.

Kabaha, who works in the construction sector inside the Green Line and studies at Al-Quds Open University, added that he is seeking to become a specialist in information security in the technology and telecommunications sectors in Palestine.

Dr. Eng. Islam Amr said that after examining the student's outstanding and talented effort, it was recommended to grant him a set of rewards and motivate him to carry out and develop more research in this regard. Amr added that he is not the first student to record gaps in international sites, as earlier a student at QOU discovered a gap in the social networking site (Facebook), as well as dozens of students who contributed to the protection of Palestinian websites from hackers.

Dr. Imad Nazzal, Director of the Jenin Branch, commented that other students from Al-Quds Open University have achieved successes at both national and international levels, and the University has received a number of international awards in recent years, and these accumulated efforts indicate the students' keenness to innovate and serve their country.