Connect with us

Trending

Teen Bounty Hunter From Chennai Assists Railways Fix Major Bug In Ticketing Portal

Trending

Kotak on Hold: RBI Blocks New Online Customers Due to IT Mismanagement

Cyber Crime Trending

Dubai Drug Lord's Inner Circle Exposed in Operation Black Tie, Details Inside

Trending

Padma Shri Awardee and Distinguished Alumnus Prof. Manindra Agrawal Takes Charge as IIT-Kanpur's New Director

Trending

Mystic Who 'Predicted' 9/11 Foresees Surge in Cyber Attacks for 2024

Cyber Crime Trending

Shocking Sex Photo Scandal Rocks Parliament: Multiple MPs Fall Victim to Blackmail in Grindr Honey Trap Drama!

Trending

Chinese Interference in Indian General Elections? Microsoft Warns...

Cyber Crime Trending

The420 Cybercrime News Update: Scams from Fake Swiggy to Impersonations and Task Frauds, with Police Actions Across Cities

Cyber Crime Trending

Indian Authorities Issue Advisory for Job Seekers Heading to Cambodia

Cyber Crime Trending

Ex-Intelligence Officer Raises $30M to Fight Cybercrime: The Untold Story

Cyber Crime Trending

US and UK Impose Sanctions on Chinese Hackers Amid Global Cyber Espionage Concerns

Cyber Crime Trending

DoT's 'Sanchar Saathi' Initiative Exposes 21 Lakh SIM Cards Activated Illegally

Cyber Crime Trending

Giorgia Meloni's Bold Move Against Digital Abuse: Rs 90 Lakh Lawsuit Sparks Debate Over Deepfake Pornography

Cyber Crime Trending

First Cyber Flashing Conviction in England: A Milestone in Online Safety

Cyber Crime Trending

Friend in Need...or FAKE Friend? How to Spot the WhatsApp Scam Targeting Hong Kong Users!

Trending

Cyber Warriors Wanted: NCIIPC and AICTE Launch Nationwide Ethical Hacking Contest

Cyber Crime Trending

How the FBI and Indian Law Enforcement Agencies Are Fighting the War With Digital Fraudsters

Cyber Crime Trending

This Country Faced A Whopping Rs 99,000 Crore Loss to Cybercrime in 2023, Read Full Report Here

Cyber Crime Trending

Ukrainian YouTuber's Identity Cloned by AI, Sparks Global Concern Over Deepfake Threat

Economic Fraud Trending

Novus Path Lab booked for Covid-Testing Fraud during Kumbh!

Cyber Crime Trending

North Korea Hacks Chipmakers in South Korea, Raising Fears of Weapons Program Boost

Tech Talk Trending

Excellence in FutureCrime Research: Saumay Srivastava Receives Prestigious Award At FutureCrime Summit

Tech Talk Trending

J&K's Young Innovator Risheek Sharma Receives Honors in Cybercrime Research At FutureCrime Summit

Tech Talk Trending

Celebrating Cyber Excellence: Venkatesh Murthy K Awarded at FutureCrime Summit 2024

Tech Talk Trending

Dr. Karnika Seth Awarded for Excellence in Cyber Law at FutureCrime Summit 2024

Tech Talk Trending

Bharat Panchal Awarded for Excellence in Cyber Risk Management at FutureCrime Summit 2024

Tech Talk Trending

Honoring a Cybersecurity Visionary: Dr. Gulshan Rai Awarded for Excellence in Cyber Strategy At FutureCrime Summit

Cyber Crime Trending

Digital Deception: How Cyber Criminals Clone Celebrities to Promote Fake Investments

Cyber Crime Trending

Shutting Down Fraud SIM Factory: Uttarakhand STF Nabs Mastermind Behind 80 Lakh Fraud, 3,000 SIM Cards Recovered

Cyber Crime Trending

Operation Cronos: International Crackdown Shatters LockBit Ransomware Network

Cyber Crime Trending

Phishing Alert: Chinese Cybercriminals Target Indian Investors with Fake Brokerage Apps

Cyber Crime Trending

Surat City Police Launches AI-Driven 'Surat Cyber Mitra' to Tackle Rising Cybercrime Threats

Cyber Crime Trending

Clickbait Gone Wrong: Taiwanese Influencer Jailed for Faking Abduction in Cambodia Scam Mill Stunt

Cyber Crime Trending

FutureCrime Summit 2024: eSec Forte Technologies Receives Prestigious Award for Indigenous Forensic Hardware Development

Cyber Crime Trending

Ankush Mishra Felicitated For Excellence in Cyber Policing at FutureCrime Summit 2024

Cyber Crime Trending

Special Task Force (STF) of UP Police Honored with Award for Excellence in Cyber Law Enforcement

Cyber Crime Trending

Excellence in Cyber Strategy Awarded to Dr JM Vyas at FutureCrime Summit 2024

Cyber Crime Trending

Frontline Fighters Against Cybercrime Unite: Highlights from FutureCrime Summit 2024

Cyber Crime Trending

FutureCrime Summit 2024: Join Us at 8:30 AM on Feb 8 for the Cybersecurity Event of the Year

Cyber Crime Trending

Registrations & Sponsorship Closed: FutureCrime Summit 2024 Prepares to Host Global Cybersecurity Experts

Cyber Crime Trending

NIA's Cutting-Edge Technology: Face Recognition and Fingerprint Identification in Counter-Terrorism Drive

Cyber Crime Trending

South Korea's National Intelligence Service Reveals North Korean Hackers' New AI Strategy

Cyber Crime Economic Fraud Trending

JPMorgan Chase Bolsters Cyber Defenses Amidst Record 45 Billion Daily Hacking Attempts

Cyber Crime Trending

FBI Issues Urgent Warning on Rising Threat of Sextortion Targeting Minors

Cyber Crime Trending

Mumbai Techie's Desperate Plea: Claims Hackers Are Manipulating His Life Through Microchip

Cyber Crime Trending

Bengaluru Doctor Duped of Rs 95,000 in Army Officer Impersonation Scam

Cyber Crime Trending

Senior Bank Manager Falls Prey to Online Investment Scam, Loses Rs. 21.5 Lakh

Cyber Crime Research & Opinion Trending

I4C, NSD Join Hands With MyGov To Raise Awareness on Cybercrime in Innovative Street Plays

Cyber Crime Trending

Don't Be A Victim: Complete Guide To Reporting Cyber Fraud and Getting Back Your Money In India

Research & Opinion Tech Talk Trending

Innovative Cyber Investigation Tool to Win Prestigious 'सर्वश्रेष्ठ साइबर त्रिनेत्र' Award at Future Crime Summit 2024 - Nominate & Register

Research & Opinion Tech Talk Trending

Future Crime Summit 2024: Recognizing India's Cybersecurity Champions - Nominate & Register Now

Cyber Crime Trending

Delhi Police Expose Accounts-for-Hire Racket, Two Arrested

Research & Opinion Tech Talk Trending

FutureCrime Summit 2024: Gathering Of India's Finest Speakers To Combat Digital Threats - Don't Miss the Biggest Cybersecurity Event of the Year

Trending

Atmanirbhar in Tech: DRONA Mini Workstation By eSec Forte Redefines Digital Forensics

Trending

How Military WhatsApp Groups Are Being Used To Defame And Tarnish Image Of Journalists

Cyber Crime Trending

Reporting Hacked or Impersonated Social Media Accounts in India: Step-by-Step Guide

Cyber Crime Trending

The420 Cyber Crime Dairy: Unmasking Daily Cyber Frauds

Trending

Teen Bounty Hunter From Chennai Assists Railways Fix Major Bug In Ticketing Portal

Published

3 years ago

on

Teen Bounty Hunter From Chennai Assists Railways Fix Major Bug In Ticketing Portal

CHENNAI: P Renganathan, like all teenagers, spends a lot of time online, but what he does is very unique. In his spare time, the 17-year-old Class 12 student from Chennai works as a bug bounty hunter.

A youngster from a city school assisted the Indian Railway Catering and Tourism Corporation (IRCTC) in fixing a problem on its online ticketing platform that could have exposed the personal information of millions of travellers.

He was able to view the journey data of other passengers thanks to the website’s significant Insecure Object Direct References (IDOR) vulnerability.

Acting on his warning, the Computer Emergency Response Team, India, informed the IRCTC of the vulnerability, which was rectified, preventing a possible hacking of the country’s largest online ticketing platform.

HOW THIS HAPPENED

P. Renganathan (17), a Standard 12th student at a private school in Tambaram, Chennai, was booking a railway ticket a few days ago by login into the IRCTC portal when he discovered specific weaknesses that may undermine the security safeguards.

The website’s significant Insecure Object Direct References (IDOR) vulnerability allowed him to view other passengers’ journey details such as name, gender, age, PNR number, train details, departure station, and date of journey.

“Because the back-end code is identical, a hacker could buy food, modify the boarding station, and even cancel the ticket without the knowledge of the genuine passenger.

Other services, such as domestic/international tourism, bus tickets, and hotel bookings, would have been available in other passengers’ user profiles. Most crucially, there was a chance that a massive database containing millions of passengers would be leaked,” Renganathan explained.

On August 30, 2021, he reported the vulnerability to the CERT, India, which quickly created a ticket. According to Renganathan, the bug was patched and recognised by the IRCTC five days later.

According to the adolescent, he has received recognition from LinkedIn, the United Nations, Nike, and Lenovo, among others, for disclosing security flaws in their web programmes.

Renganathan wants to pursue a career in Computer Science while continuing independent research on the security of web applications.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Related Topics:
Continue Reading