In 2013 I took an Information Security class at Oklahoma State University. As a final project, we were broken into teams to find a security hole, and have a plan to theoretically exploit it.
I led this project, and in early 2014, gave a presentation to key faculty and IT security on campus. As I understand it, the final solution was to take down the website (https://app.it.okstate.edu/idcard/), and not worry about the rest. Fair enough.
Here are the contents of my final report.