| Headline | A vulnerability is found on a ticket sales platform | |
|---|---|---|
| Year | 2020 | |
| Month | December | |
| Country | ||
| Description | An independent investigator finds a flaw in the ‘Online Bus Ticket Reservation 1.0’ platform. It is a software for the sale of transport tickets, developed in open source to be used by bus companies, whether urban or interurban -for example: Abhibus, Red Bus, Travelyari, APSRTC, TSRTC, Goibibo, Yatra, Makemytrip, Yatragenie… -. A failure in the authentication procedure allows access to the service by entering a simple code in the username and password fields, so the attacker does not need to create a user account on the platform. | |
| Intentionality | Hacker | |
| Target | Other | |
| Company | SourceCodester | |
| Type of company | Software developer | |
| Data / Life | Data | |
| Access | Aplication | |
| System | Online platform for booking bus tickets | |
| Recognized by brand | Sí | |
| Source | https://www.realinfosec.net/2020/12/08/online-bus-ticket-reservation-1-0-sql-injection/ |
