vaibhavpandeyvpz/dtp-exploit-poc

dtp-exploit-poc

Simple and single purpose PoC app built using React Native to demonstrate PII leak vulnerability in Delhi Traffic Police's notice payment website.

To test on your phone, download Expo Go (Android / iOS) and scan the QR code on https://expo.io/@vaibhavpandeyvpz/dtp-exploit-poc using your phone camera to run it.

Potential derivatives can also be used to create lookup tables by generating random vehicle numbers in acceptable ranges for each RTO. I have been trying to report this for almost a year, several times, to various email address(es), but no one has fixed this yet.

Please fix this immediately by simply masking the mobile number on the server side instead of doing it on the client side. This has been exploited in the wild since forever to harass people.
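The fix requested above, sketched as an added example (not code from this repository or from the affected website): the weak response shape that relies on the client to hide the number, next to a response that is masked before it leaves the server, plus a regression check for the response body. The record, its field names and all function names are hypothetical and constructed for illustration.

```javascript
// Constructed sample record; field names are assumptions, not the site's schema.
const record = {
  noticeNo: "DL-CONSTRUCTED-0001",
  vehicleNo: "DL00XX0000",
  ownerMobile: "9876543210",
  amount: 500,
};

// Keep only the last `visible` digits; every other digit becomes "X".
function maskMobile(mobile, visible = 2) {
  const digits = String(mobile).replace(/\D/g, "");
  if (digits.length <= visible) return "X".repeat(digits.length);
  return "X".repeat(digits.length - visible) + digits.slice(-visible);
}

// Weak pattern: the full number is serialized and the client is trusted to hide it.
// Anyone reading the raw response body sees the unmasked value.
function buildResponseClientMasked(rec) {
  return JSON.stringify({ ...rec, maskOnClient: true });
}

// Corrected pattern: allow-list the output fields and mask before serializing,
// so the full number never leaves the server.
function buildResponseServerMasked(rec) {
  return JSON.stringify({
    noticeNo: rec.noticeNo,
    vehicleNo: rec.vehicleNo,
    ownerMobile: maskMobile(rec.ownerMobile),
    amount: rec.amount,
  });
}

// Regression check for a server-side test suite: true if the serialized
// body still contains the complete, unmasked number.
function leaksMobile(body, mobile) {
  const digits = String(mobile).replace(/\D/g, "");
  return digits.length > 0 && body.includes(digits);
}
```

Running `leaksMobile` over every response that carries owner data, as part of the server's tests, catches a later change that reintroduces the full number.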


EDIT: (2021/06/02) This is thankfully patched now.
