Document Actions
Hacking US Visa website
My in-laws have applied for US visitor visa and I am tracking their 
VISA appointment to see if we can prepone it so that they can come early to the US. I was at first impressed with the VFS (http://www.vfs-usa.co.in) website that caters to the US Visa requests from India for the controls that they had in place to ensure correctness and security. It would have never occurred to me to test those as I would have expected that any government website would tested and re-tested against vulnerabilities.
I guess I was wrong. All I did was to enter my father-in-laws details on the website. While doing so I somehow entered the last three digits of his visa fees receipt number wrong and VIOLA!!! I was presented with records of three apparently related people who were totally unrelated to me or my father-in-law. I could have canceled their appointment or done all kind of mischief. Needless to say, I closed the web-page promptly after taking this screen-shot.
Whether I should inform the US Visa department or not, I am not sure. But I thought I should publish this.
- Category(s)
- General
- Information Security
- Privacy
- The URL to Trackback this entry is:
- https://www.dharwadkar.com/weblog/hack_us_visa/tbping
i need to hack some visa, and visa credit card
Well blow me.. this is what at least 40% of the world's embassies use.