Blog | PHAM Hoang Phi

( •_•)

Master

PHAM HOANG PHI

Student at

University of Debrecen

Debrecen, Hajdu-Bihar, Hungary

C# MATLAB Python JavaScript ASP.NET AI/ML

Updated: Feb 2026

PHAM HOANG PHI

Security Blog

Part 2: From 900 to 80,000 – How a University's Entire Network Was Left Wide Open

June 13, 2026 · 33 min read IDOR Broken Access Control API Abuse Data Exposure Password Leak Account Takeover CVSS Critical

After discovering 896 exposed ID cards in Part 1, I investigated the same vendor's in-house network platform at University X. What I found was far worse: 80,053 accounts, staff passwords in the API...

How 896 ID Cards Were Exposed Through a Vietnamese University's Exam Portal

March 24, 2026 · 35 min read IDOR Broken Access Control API Abuse Data Exposure CVSS Critical

This report documents a security research investigation into the web application of the Testing Center at University X. Through reverse engineering a Vietnamese JavaScript framework, I identified u...