pr00f Posted September 12, 2017 Report Posted September 12, 2017 As I am now an adult, I sometimes need to look at taxes. The longstanding tradition of adults dictates that I must look at my taxes and say to my fellow adults “wow, I wish I had that money which is spent on single payer universal healthcare, infrastructure and education so I could spend it on video games, hardware I never use and thousands of tiny 3D printed statues of myself.”. Regardless, I didn’t expect my micro-sojourn into responsibility to result in a somewhat bad security issue followed by the ability to arbitrarily modify people’s tax details after making them click a link, followed by a 2 month journey to getting confirmed fixes. Welcome to my 3 step guide to hacking the uk tax system, I guess. The UK tax system login process is neat, and well thought out. One goes through an interstitial login web form which requests an identification number, a password, and a code texted to your cellular mobile device. On the technical side of things, this is achieved by the common redirect forwarding pattern in which the page that required login hands off to the login page with a note in parameter form saying where to send the user back to when the login process is successfully completed and you’re ready to dive into taxes and such. Source: https://medium.com/@Zemnmez/how-to-hack-the-uk-tax-system-i-guess-3e84b70f8b 1 Quote
