Responsible Disclosure: An Exam Board Touting Dodgy PDFs

I hate academic tests. Wouldn't it be great if you could find the official answer papers?

Oh, cool, the OCR Exam Board is hosting answer sheets for all my classes!

Screenshot of Google results showing a bunch of answer books on the OCR page.

What happens if I click it?

Dodgy website trying to encourage peoople to sign up for a PDF reading service.

Yeach! It redirects users to a scammy ebook service hosted on an external website. Which, I assume, the exam board does not endorse.

Alongside exam books, textbooks, literary classics - there's a bunch of material which probably isn't suitable for school…

Screenshot of Google results page showing pornographic content on the OCR page.

If you visit the root of the domain, it seems to have a dodgy Javascript trying to redirect you to what is probably a scam site.

Screenshot of some Javascript embedded in a page.

It seems fairly clear to me that this is an abandoned website. Some scammer has hijacked it and is using OCR's good name to launder their reputation.

Search results showing a bunch of dodgy looking pages on that site.

Time to contact the exam board and let them know the bad news.

Disclosure Timeline

  • 2022-06-04 Discovered. No security contact, so sent a brief email to their support address
  • 2022-06-07 Tried to make contact on Twitter - got redirected to email.
  • 2022-07-13 Asked for an update - but noticed the website had been taken down.
  • 2022-07-30 Blog post automatically published

Share this post on…

One thought on “Responsible Disclosure: An Exam Board Touting Dodgy PDFs”

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.

Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">