PeopleSoft: Hack The Planet's Universities presented at deepsec 2017

by Dmitry Yudin,

Summary : The PeopleSoft Campus Solutions is used in more than 1000 universities worldwide. In this presentation we will show how to use several vulnerabilities to gain access to the entire information system of the University. And it means grade fraud, sabotage, access to student information, access to credit cards, bills, payment plans, fees, etc. In this presentation, we'll look at the architecture of peoplesoft products, its strengths and weaknesses. We show attack surface, and demonstrate a practical attack on the system. We also prove how one vulnerability affects a whole family of products, Oracle PeopleSoft, not just PeopleSoft Campus Solutions.