- Joined
- May 18, 1997
- Messages
- 55,510
So you go to a website that is so horribly coded, that you can change the company's pricing when purchase its product. Then you change the price, buy the ticket as proof of the problems, and report it to the company. Then what happens, the company has you arrested. Wow. The company, BKK, which had less than a total of 500 reviews on Facebook, now has a total of 45K one-star reviews. Well deserved I would suggest. I am not even sure how this counts as "hacking." There is a site admin somewhere that should in jail instead.
The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price.
Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price.
As a demo, the young man says he bought a ticket initially priced at 9459 Hungarian forints ($35) for 50 Hungarian forints (20 US cents).
The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price.
Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price.
As a demo, the young man says he bought a ticket initially priced at 9459 Hungarian forints ($35) for 50 Hungarian forints (20 US cents).