First, I would like to thank you for visiting my blog. Here, I will share with you many tips, tricks, and I will reveal, with no overthinking or frustration talks, about major cybersecurity or ways that all of you can implement.
So, let’s dive into how I hacked in 2014 or 2013, I guess. I forgot, lol…
I was able to book tickets online through a simple trick that ends with three clicks, I guess.
This trick is not only for the website; it applies to all websites that have integrated Bank’s Payment gateway.
The trick works on Firefox. It works on any browser, but Firefox has the plugin named Tamper Data. Tampering with data is a technique, not just a plugin, so if you can tamper with data in any other way, it works normally. But since the plugin is coded and works perfectly, it’s better and easier for me to hack, or in other words, bypass or manipulate the security.
So, let’s talk less and start working on how I did it.
First, I entered as a guest on Vox Cinemas to book. I visited and went through all the steps that anyone would follow to book a ticket, such as choosing movie timing, seats, etc. When I got to the checkout page to pay, I turned on Tamper Data to listen to the requests. So, for every request after clicking the checkout button to pay (this button redirects me to the payment gateway Bank to pay), I tampered with the data. The columns in the plugin in the header are JSON files sending the requests to wait for the response from the server, okay? So here, you will see the data that will be sent to the payment gateway Bank, such as seats, movie name, payable amount, date, time, etc.
It is just the payable amount. I changed the amount from $12 to $1. Why? Because if the server reads $0, it will show an error. So in the end, if you book the entire cinema room, for example, 200 seats, it will be 200 x $12 = $2400. You can pay $1 instead of $2400.
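The weakness described above is that the payable amount travels through the browser and is accepted as sent. The following is an added example, not code from the original post or from any site or gateway it mentions: a sketch of the server-side controls that stop it, where the merchant computes the amount itself, signs it, and checks the charged amount before issuing tickets. The shared secret, the flat seat price, and all field and function names are assumptions.

```python
import hashlib
import hmac
from decimal import Decimal

# Assumptions (not from the original post): one secret shared by the merchant
# server and the gateway, a flat seat price, and these field names.
GATEWAY_SECRET = b"constructed-demo-secret"
SEAT_PRICE = Decimal("12.00")   # taken from the server's catalogue, never the browser
ORDERS = {}                     # order_id -> amount the server expects to be paid


def _sign(order_id: str, amount: str) -> str:
    # MAC over the exact amount string, so any edit in transit changes the result.
    msg = f"{order_id}|{amount}".encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def create_checkout(order_id: str, seats: list[str]) -> dict:
    """Build the fields the browser carries to the gateway.

    The amount is computed here from the seat count and stored server-side.
    """
    amount = SEAT_PRICE * len(seats)
    ORDERS[order_id] = amount
    amount_str = f"{amount:.2f}"
    return {"order_id": order_id, "amount": amount_str,
            "sig": _sign(order_id, amount_str)}


def gateway_accepts(fields: dict) -> bool:
    """Gateway side: refuse a request whose amount no longer matches its MAC."""
    expected = _sign(str(fields.get("order_id", "")), str(fields.get("amount", "")))
    return hmac.compare_digest(expected.encode(), str(fields.get("sig", "")).encode())


def confirm_booking(order_id: str, paid_amount: str) -> bool:
    """Merchant side, on the gateway's server-to-server callback: issue tickets
    only if the amount actually charged equals the amount stored for the order."""
    expected = ORDERS.get(order_id)
    try:
        return expected is not None and Decimal(paid_amount) == expected
    except (ArithmeticError, TypeError, ValueError):
        return False
```

Either check alone blocks the $12 to $1 edit; the callback comparison is the one that still holds if the gateway does not verify a signature.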
Keep in mind, I did it many times, but just for educational purposes. I didn’t go only once to physically check if the booking was okay and it worked. I did visit the cinema and entered normally paying $1, and then went home with no problems.
Keep checking my blog. There is another way on how I hacked Grand Cinemas Downtown. I will post it soon.