Data breach discovered in Jerusalem Municipality website

The Jerusalem Post reports:

A breach granting access to documents containing the personal information of hundreds of thousands of residents was found and repaired in the Jerusalem Municipality’s website, the tech website Geektime reported on Wednesday.

The breach was discovered by Hezkiyahu Raful, a programmer, while he was trying to help his uncle file an appeal to a parking ticket. When they attempted to look at photos taken by the municipal inspector who issued the ticket, there was no download button, so Raful pressed F12 to show the source code of the page. That’s when he saw that the URL had a numerical ID at the end and found that he could access additional parking ticket files by simply changing the number.
But that wasn’t the end of the risks he found.  He reportedly
also discovered that changing numbers in the middle of the URL enabled him to access building files, tickets, tax files and “any document that the municipality publishes or receives,” said Raful to Geektime.

Read more on The Jerusalem Post.

h/t, @Chum1ng0

About the author: Dissent

Comments are closed.