I was just protesting against their stupid system and this happened. I posted about my payment not updating issues where I made the payment but still after 24 hours, it did not update on their shi**y cheap website and I had to pay it twice. And then they suspended my account. I didn't even use any offensive words. This is a clear violation of freedom of speech. Shame on CBSE 🤬🤬🤬🤬😡
[repost because first got nuked by bot for including slurs]
Okay hear me out. I got 85% and really wanted that 90% so I applied for re-evaluation. Today I got the copies, I checked them out all one by one.
What was different in mine?
- All the pages were clearly scanned (mobile photo, they were clear but that doesn't make it any better check this comment out), except that one page it had a lil blur but was still legible.
- Marks were properly given. Heck I need to say they were generous, when I wrote the wrong formula and they gave me 1/2 marks.
- No other problems tbh. I can't complain, they beat me to it.
Anyway why am I writing this?
-> It is to give an perspective that there are really hardworking people behind CBSE who care for us. Who want us to succeed without even knowing who we are. They are the people I love. When I grow up I'd like to be like the teacher who put a blind eye to my mistake (or the computer sceen got to him and he didn't see xD idk what happened, but I'd like to give the benefit of doubt to them.)
In the midst of hating CBSE (<insert bad word> CBSE) we must not forget to appreciate the people behind CBSE who are real good people. (here I refer to the good teachers, ONLY)
PS: Many people didn't have good luck as mine - evidently in this subreddit. The situation is really absurd and not at all tolerable. But there are cases like mine, and I don't think anybody is going to make a write-up for their good checking. So I did it myself to let you know there indeed is a lotus amidst the mud.
Good luck with the fight guys. I'll help by upvoting/liking and reposting things in Reddit and Twitter. Can't do much from North East, can I?....love you all :heart:
create engagement in youtube and share it to cross groups....dont have to credit me...THE MESSAGE IS CLEAR
2 pages from my answer sheet are missing and they added pages from someone else's answersheet
Got 1570 SAT. Got into Rutgers. Embry-Riddle. Clemson. WPI. RIT.
And I'm still sitting and thinking about my life, which is getting F*** over by CBSE coz they can't do a proper checking, can't make a proper website, and after f***** lakhs of students' future, no one is accountable for anything.
CBSE opened its answer sheet portal. It crashed. Scans were blurry. Maintenance for hours. Traffic, they had MONTHS to prepare for.
BLUNDER by CBSE is delaying my loan, my visa, my entire Fall 2026 plan.
We students get zero tolerance if they miss deadlines, 75% attendance, 75% marks. When you do all still somehow, you need to fight with this broken system, and CBSE gets zero consequences for failing us.
We think marks are enough? Nah. We also need to fight a system that genuinely does not care if you make it or not.
The system isn't broken by accident. It's just never been fixed because nobody faces consequences for failing us.
SORRY but all this makes me feel somewhere i was loser, but maybe not.
FAAH CBSE
Wow cbse. You have reached a new low. I just got my English Ki copy and wow, this is actually so diabolical. So they attached someone elses section A to my paper and mera question 7 which I had 100% wrote(you can even see last part of question 7) has been erased. So mere 5-6 marks got deducted just because cbse failed to scan one of the questions and messed it all up. This is just… amazingly bad at this point.
Also Give me names of major youtube or Insta teacher so I can email them about this
Also what questions should I even send for reevaluation at this point man
Not karmafarming, genuine issue. Words cannot describe what cbse did to us this year
Mods please allow it, we need it
I only applied to foreign uni's and without scholarship I cannot afford those universities, I got a scholarship with offer from 2 universities and conditions were 90+ in PCM, I have 95 in physics 93 in chemistry and only 77 in Maths when my maths paper had went the best out of the 3, I received my answer sheet and 3 pages were missing along with half of the remaining pages blurred, and 2 MCQ's given 0.5 marks except 1 mark. Many Unreadable (blurred) questions were given 0 marks. Now my scholarship is revoked, with scholarship fees was 40 Lakhs, without scholarship its 2.5 Cr. Pls help me what should I do?
I'm a hobbyist cybersec researcher, just got done with 12th this year. Have done bug bounty and stuff before for fun - this year CBSE introduced OSM and the portal link was public, it sparked my curiosity.
I opened the portal and started playing with the HTTP requests & everything.
I started reading their JS bundle code and found something horrible.
My first e-mail to CERT-In (Computer Emergency Response Team of the Indian Government):
\> Hi, I'm a hobbyist cybersecurity researcher and I have found some severe security issues in the CBSE On Screen Marking Portal ([https://cbse.onmark.co.in/cbseevalweb](https://cbse.onmark.co.in/cbseevalweb)).
\> There's a hardcoded master password in the main frontend javascript file. A master password \[REDACTED\] is hardcoded directly in the client-side JavaScript bundle. This password automatically fills the OTP field and bypasses normal authentication flows.
\> There are other severe issues as well, OTP validation logic is implemented entirely on the client side. The server sends the OTP in the authentication response, and JavaScript validates it locally before granting access.
\> Anyone can bypass the login panel easily as well because the validation takes place client side.
I was basically able to login as any teacher and edit marks myself.
They asked me for more information and screen recordings in the reply of the email. I replied with more information:
\> Hello, I'm attaching a screen recording of the OTP/auth Bypass vulnerability through the found master password in the frontend source code.
\> First of all, you'll need to find someone's user ID and school code (which is publically obtainable). For the password, I used the master password which I got by inspecting the frontend minified source code ([https://cbse.onmark.co.in/cbseevalweb/main.dc17c24606b3b008.js](https://cbse.onmark.co.in/cbseevalweb/main.dc17c24606b3b008.js)). The master password automatically bypassed OTP authentication as soon as I entered the password.
\> You can see how I did it in the attached video/screen recording file (I have attached a screen recording with this e-mail).
\> For the second login bypass vulnerability, you'll need to open DevTools of your browser and paste this snippet:
localStorage.setItem**(**'jwtToken', 'dev-token-12345'**)**;
sessionStorage.setItem**(**'role\_id', '23'**)**;
sessionStorage.setItem**(**'ValType', 'Regular'**)**;
sessionStorage.setItem**(**'eval', JSON.stringify**(**{
**user\_id:** 'DEV001',
**role\_id:** '23',
**mobile\_no:** '9999999999',
**email:** 'dev@test.com',
**jwtToken:** 'dev-token-12345'
}**))**;
*// Then navigate*
window.**location**.**href** = '/cbseevalweb/#/dashboard';
\> It'll bypass the login page and will take you straight to dashboard.
\> I found some new other issues as well:
\> The entire Angular route config has zero canActivate guards. Every route /dashboard, /profile, /evalscriptsview, /heallscripts, /evaluatordetails, /verificationdashboard, etc. is navigable by anyone. An unauthenticated user can just type the URL directly and land on any page. The only "protection" is a default redirect to /login, which is trivially bypassed.
\> The ChangePassword API only sends { ValuatorID, pin\_NewPassword }. The oldpassword variable exists in the component but is never included in the API payload. Combined with the IDOR issues present in the site, this means any user can change any other user's password without knowing the current one - full account takeover chain.
(can change anyone's password and take over their accounts)
\> There might be a potential systemic IDOR Across 40+ API Calls. The ValuatorID / user\_id in every API call comes from sessionStorage\["eval"\], which is trivially editable in DevTools. This is systemic, practically every POST request in the website/service is IDOR-vulnerable.
\> Thank you, please get back to me as soon as possible. I'll be happy to answer further questions/provide more PoCs.
They replied with a boilerplate email:
\> Dear Sir,
\> Thank you for reporting this incident to CERT-In.
\> We have registered your complaint/incident under Ref: CERTIn-XXXXX .
\> We are in process of taking appropriate action with the concerned authority.
After that, I've tried following up several times and sent mails - no reply from their end. It's funny that they could never patch most of the vulnerabilities I reported. I probably would've patched these vulnerabilities in an hour or two max if I was in their place. The incompetency of our authorities baffles me.
Thank you for reading!
Attached screenshots of some mails for proof.
tldr: i had hacked cbse osm portal and could edit anyone's marks, reset any examiner's password and change any of their details and so on.
edit (8:08pm):
tweeted about it and published a detailed blog on it: https://ni5arga.com/blog/posts/hacking-cbse/
edit (11:40pm):
tweet got taken down and my account got locked, in touch with twitter's support team.
I mean in the circular they say by 30th June, but this time they have wayyyy less papers to check and they also have to open portals for re-eval
We’ve started raising the ongoing CBSE Answerscript / Re-evaluation concerns on Twitter/X for better visibility and accountability.
The r/CBSE mod team is actively posting updates, asking questions, and trying to get this issue noticed publicly.
Please support us by: • Reposting/retweeting our posts
• Following our Twitter/X
• Engaging with the tweets for better reach
The more visibility this gets, the harder it becomes to ignore.
— r/CBSE mod team
THE STUDENTS DESERVE GRACE MARKS!!! THIS IS NOT FAIR AT ALL...
The answer sheets are blurred, 2 different answer sheets are merged, students are getting 0.5 marks in MCQs, Step markings weren't provided to the children How are you going compensate all these students.
Just give a 20 marks Grace to all students and let them pass their eligibility criteria for JEE and other exams... else the Teachers should do rechecking manually within the first week of July.
Corporate wants you to find the difference between these two pictures:
1.
2.
The first is from my answer sheet, the second from the official marking scheme. But I got 0 marks in it. An average chemist person would say that my compound is the same as the answer given, but whoever checked my paper probably thought that in my answer, the keto group is on the left and in the marking scheme it's on the right, so my answer is wrong.
It's okay if you got it wrong the first time, let's try again!
Find the difference b/w these two:
1.
2.
Question:
Again, if you said that my answer is the same as the marking scheme, YOU ARE WRONG! If you look closely, the CH2 in the marking scheme is slightly tilted, unlike my answer.
Hence it is WRONG. 0 MARKS!
I could go on and on about this, there are so many similar cases. Whoever checked my paper, I hope you had fun taking out your frustration on a student who tried his best to study your subject and secure a respectable score in it.
Blog Link: https://ni5arga.com/blog/posts/hacking-cbse/
What a clown man, is he satyamurthy of GenZ? 😭😭
I am an A level student , I was in cbse till 10th standard. CAIE/IGCSE has always done online checking. Like always. and the way they scan paper is amazing. and every paper has a margin where it is written do not write here or beyond it as it won’t be scanned and the marks here also extremely straightforward no 3/4 or 1/2 marks
1 mark for every correct point. And the grades are dependent on thresholds.
and past few days i have seen so many posts of blur scans as if they were taken in a hurry as a whatsapp photograph.
Just check on google A level student answer sheet. IT’S SO MUCH BETTER IN TERMS OF SCAN. ITS A PROPER SCAN.
I GENUINELY FEEL SO SO SO BAD FOR ALL OF YOU GUYS ALL MY PRAYERS TO YOU.
My bestfriend is in cbse and i saw her copy as well. F CBSE YOU GUYS WILL ROT FOR PLAYING WITH SO MANY STUDENT’S FUTURE. LIKE MARKING BLANK PAGE WHERE CLEARLY 2ANSWERS ARE WRITTEN???? F YOU.
