
https://github.com/vaibhavpandeyvpz/dtp-exploit-poc

Simple and single purpose PoC app built using React Native to demonstrate PII leak vulnerability in Delhi Traffic Police's notice payment website.

exploit information leak privacy security vulnerability

Last synced: about 1 month ago
README


# dtp-exploit-poc

Simple and single purpose [PoC](https://en.wikipedia.org/wiki/Proof_of_concept) app built using [React Native](https://reactnative.dev/) to demonstrate [PII](https://en.wikipedia.org/wiki/Personal_data) leak vulnerability in **Delhi Traffic Police**'s [notice payment](https://delhitrafficpolice.nic.in/notice/pay-notice/) website.

To test on your phone, download [Expo Go](https://expo.io/client) ([Android](https://play.google.com/store/apps/details?id=host.exp.exponent) / [iOS](https://itunes.apple.com/app/apple-store/id982107779)) and scan the QR code on [https://expo.io/@vaibhavpandeyvpz/dtp-exploit-poc](https://expo.io/@vaibhavpandeyvpz/dtp-exploit-poc) using your phone camera to run it.

Potential derivatives can also be used to create lookup tables by generating random vehicle numbers in acceptable ranges for each RTO. I have been trying to report this several times for almost a year via various email addresses, but no one has fixed it yet.

Please fix this immediately by simply masking the mobile number on the server side instead of on the client side. This has been exploited in the wild for a long time to harass people.
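The fix the README asks for, as an added illustration that is not code from the dtp-exploit-poc repository or from the Delhi Traffic Police site: the server masks the mobile number and copies only an allow-list of fields into the response, so the unmasked value never leaves the backend regardless of what client calls the API. The record field names (`noticeId`, `vehicleNumber`, `amountDue`, `mobile`, `ownerAddress`), the "keep the last three digits" masking rule and the sample record are all assumptions made for the example.

```javascript
// Added example (not from the dtp-exploit-poc repository). Masking is done
// here, on the server, before serialisation: a client that only hides digits
// in the UI still receives the full number over the wire.

// Replace all but the last `keep` digits with 'X'. Non-digit characters are
// stripped first so that formatting (spaces, dashes) cannot carry digits
// through unmasked. Returns null for a missing or non-string value.
function maskMobile(mobile, keep = 3) {
  if (typeof mobile !== 'string') return null;
  const digits = mobile.replace(/\D/g, '');
  if (digits.length <= keep) return 'X'.repeat(digits.length);
  return 'X'.repeat(digits.length - keep) + digits.slice(-keep);
}

// Build the payload that the HTTP layer will send. Only explicitly listed
// fields are copied (an allow-list, never a spread of the whole record), and
// the mobile is masked on the way in. The stored record is not modified.
function toPublicNotice(record) {
  return {
    noticeId: record.noticeId,
    vehicleNumber: record.vehicleNumber,
    amountDue: record.amountDue,
    mobile: maskMobile(record.mobile),
  };
}

// Constructed sample record (assumed schema, not real data).
const SAMPLE_RECORD = {
  noticeId: 'N-0001',
  vehicleNumber: 'DL01AB1234',
  amountDue: 500,
  mobile: '9876543210',
  ownerAddress: 'constructed address, must not be exposed',
};

// Serialise the public payload the way a JSON API would and confirm that the
// raw mobile number is absent from the bytes that would leave the server.
function demo() {
  const payload = toPublicNotice(SAMPLE_RECORD);
  const body = JSON.stringify(payload);
  return { payload, leaks: body.includes(SAMPLE_RECORD.mobile) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The check in `demo` is the one worth keeping in a test suite: assert on the serialised response body, not on what the UI renders, because the response body is what any caller (browser, app, or script) actually receives.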

---

**EDIT:** (20121/06/02) This is thankfully patched now.