A Teen found a flaw in BKK’s Ticket Booking System just by editing the basic HTML in the Chrome Developer Tools with this flaw he was able to buy $35 worth of Ticket for just .2$. The Transaction got processed because there is no input validation on the server side of the code even noobs will be able to do the transaction.
Once he found the flaw, he informed BKK about the Flaw instead of thanking him the have filed a police complaint that he has hacked their systems. The Law Enforcement Agencies went to the home of the boy and arrested him for Cyber Crime.
As if they had achieved something absolutely good, BKK held a press meet bragging regarding how they had stopped a “cyber attack” and discovered the hacker. When news got out that the hacker was a white hat and had attempted to inform the group about the flaw, the rage on Twitter held furiously. People vilified, cursed, and sarcastically praised @bkkbudapest. There is also discussion of rallies being organized.
Additionally, the group now has a one-star rating on its Facebook page gratitude to thousands of people gathering to it to grant them one-star reviews. Currently, the page has 46,000 one-star numbers. Estimating the total amount of inspections (only 222 five-star ratings), this is a shortage that BKK will never more grow from without creating a new page.
“Learn to verify server side, you noobs,” said one review. “What were you guys thinking?”
During its presser, BKK declared that it had “secured” its operations. Of course, boiling white hats immediately examined the site and started showing out other flaws. One Twitter user even called the website’s security “a goddamn train wreck.” The BKK site is currently down.
Take your time to comment on this article.
