Techie prevents train tickets ordered at IRCTC from being ‘hacked’

New Delhi: An independent security researcher named Renganathan P recently told the Indian Computer Emergency Response Team (CERT-In) about a major vulnerability on the IRCTC platform that allows easy access to the personal information of lakhs of passengers.
Not only that, exploiting the IDOR (insecure direct object reference) vulnerability on IRCTC can even allow attackers to cancel train tickets booked by random passengers.
The IDOR vulnerability on IRCTC also allows anyone to change the boarding point (of the train), order food, book a hotel or a tour package, and even book a bus, according to Renganathan.
Renganathan, who claims to have helped LinkedIn, the United Nations, BYJU's, Nike, Lenovo and Upstox fix security vulnerabilities in their web applications, reported the problem to CERT-In on August 30, 2021, by sending an email to "incident@cert-in.org.in".
The IDOR vulnerability was fixed on September 4 and IRCTC acknowledged the same on September 11.
It is not possible to determine how long this vulnerability was present on the IRCTC platform.
Also, there is little official information about whether this vulnerability was exploited or not.
It is not currently known whether any users were directly affected by the flaw.
Considering that IRCTC is one of the largest ticket booking platforms in India, with the majority of residents relying on it to travel by train, the implications could be very large.
Explaining how the vulnerability was found, Renganathan said, "When I ordered a ticket as a normal human being, I suddenly got an idea to test for vulnerabilities." In the letter to CERT-In (a copy of which is with the Times of India – Gadgetsnow), he wrote, "Go to your account ticket history, click on any ticket with Burp Suite.
Now change the transaction ID to get access to other people's tickets. You will get all the sensitive details.
You can also cancel a person's ticket or do evil things."
"I tried for an IDOR, decreased the transaction ID number and forwarded the packets.
And yes! I got the transaction and ticket details of random users, like the train number, time of departure, duration of travel, PNR number, ticket status, boarding stations, and passenger information such as their names, seat details, gender and age," he added.
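The flaw described above comes down to a server that looks up a ticket by the transaction ID the client sends without checking who owns it. The sketch below is an added example, not IRCTC's code: the `TicketService` class, its method names and the sample tickets are all assumptions. It shows the unchecked lookup beside an ownership-checked one that also covers cancellation and records denials for detection.

```python
from collections import Counter
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Ticket:
    txn_id: int
    owner: str          # account that booked the ticket
    pnr: str
    status: str = "BOOKED"


class Forbidden(Exception):
    """Raised when the session user may not act on the requested ticket."""


class TicketService:
    def __init__(self, tickets):
        self._tickets = {t.txn_id: t for t in tickets}
        self.denied = []  # audit trail of rejected (user, txn_id) pairs

    def get_ticket_vulnerable(self, session_user, txn_id):
        # IDOR: the client-supplied ID is the only key; session_user is never checked.
        return self._tickets.get(txn_id)

    def _authorize(self, session_user, txn_id):
        ticket = self._tickets.get(txn_id)
        # Same error for "missing" and "someone else's" so IDs cannot be probed.
        if ticket is None or ticket.owner != session_user:
            self.denied.append((session_user, txn_id))
            raise Forbidden("ticket not found")
        return ticket

    def get_ticket(self, session_user, txn_id):
        return self._authorize(session_user, txn_id)

    def cancel_ticket(self, session_user, txn_id):
        # State-changing actions go through the same ownership check as reads.
        ticket = replace(self._authorize(session_user, txn_id), status="CANCELLED")
        self._tickets[txn_id] = ticket
        return ticket

    def enumeration_suspects(self, threshold=3):
        # Accounts with repeated denials are likely walking the ID space.
        counts = Counter(user for user, _ in self.denied)
        return sorted(u for u, n in counts.items() if n >= threshold)


# Constructed sample data: sequential transaction IDs owned by different accounts.
SAMPLE = [Ticket(1001, "asha", "PNR-A"), Ticket(1002, "ravi", "PNR-B"),
          Ticket(1003, "meena", "PNR-C")]
```

Every handler that takes an object ID from the request (view, cancel, change boarding point) needs the same `_authorize` step, keyed on the authenticated session rather than on anything the client sends.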

Published by news2in