The Technical Breakdown
The entry point was a flaw in the main site's query handling that broke the standard login redirect.
Bypassing Filters: While the system attempted to "clean" spaces to prevent command execution, the source used the shell expansion ${IFS:0:1}, which the shell turns into a space, to stand in for spaces. The input contained no literal space for the filter to remove, so commands ran undetected.
Proof of Access: By executing commands like whoami, the source confirmed their presence in the system via error logs.
Session Hijacking: A log file was discovered containing active session tokens.
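The filter weakness described above, shown from the defender's side as an added example (not code from the affected site): a space-stripping filter leaves ${IFS:0:1} untouched, while an allowlist rejects it and a shell-free invocation never expands it. The function names, allowed character set and sample inputs are assumptions made for this illustration.

```python
import re
import subprocess
import sys

# Hypothetical reconstruction of the weak filter the article describes:
# it removes literal whitespace and nothing else.
def strip_spaces_filter(value: str) -> str:
    return re.sub(r"\s+", "", value)

# Allowlist: accept only the characters a legitimate value needs.
# The permitted set and the length limit are assumptions for this example.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def is_allowed(value: str) -> bool:
    return ALLOWED.fullmatch(value) is not None

# Log-review helper: flags shell expansion syntax inside a request parameter.
SHELL_EXPANSION = re.compile(r"\$IFS\b|\$\{|\$\(|`")

def looks_like_shell_expansion(value: str) -> bool:
    return SHELL_EXPANSION.search(value) is not None

def run_without_shell(value: str) -> str:
    """Validate, then pass the value as one argv element; no shell parses it."""
    if not is_allowed(value):
        raise ValueError("rejected by allowlist")
    # A child Python process stands in for the real helper program.
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True, shell=False,
    )
    return out.stdout.strip()

# Constructed sample inputs (not taken from the incident).
SAMPLES = ["report_2009.txt", "a b", "a${IFS:0:1}b"]

def evaluate(samples=SAMPLES):
    """Return (input, after weak filter, allowlist verdict, detector verdict)."""
    return [
        (s, strip_spaces_filter(s), is_allowed(s), looks_like_shell_expansion(s))
        for s in samples
    ]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The third sample passes through the weak filter unchanged, which is the gap the article describes; the allowlist and the detector both catch it.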
Evidence of Access
The following images provided by the source confirm the extent of the breach, showing a direct look at the Nelnet internal database and production environments.
This image displays an internal web portal for Nelnet showing a "Material Type" breakdown for the series Max and Ruby, listing hundreds of internal assets including audition tapes, storyboards, and scripts.
This screenshot shows a 3D rigging environment in Autodesk Maya 2009 featuring a model of Pablo from The Backyardigans. The file path indicates the model was accessed directly from a workstation desktop.
Lost Media Recovered
The most significant find within the server's paths was a collection of animation production files and unaired content.
Internal Tools: The server hosted copies of Toon Boom and Flash used by the company for production.
Unaired Pilots: A specific directory contained pilots for various shows, including several that never made it to air.
Backyardigans Discovery: Notably, the intro to the Backyardigans Nick Digital pilot was found within these files.
Internet Archive Verification: Further proof of access is evidenced by files archived on the Internet Archive, including a QuickTime movie of a Backyardigans project and a Flash source file for the series Dog Trace.
The System Shutdown
The vulnerability was eventually closed following an accidental disruption of the site's functionslog out.pl file
The source estimates that approximately 7GB of data and 1,000 files were retrieved during the window of access.

