I Hacked Every Single Staff Account on AirIndia within 1.5 Minutes :)
Hello Beautiful creative people, hope you’re doing great.
This is the continuation of “The Password Bypass Series”.
So first of all, let me make one point clear: there will be some lines which you may not like, so please don’t take it personally.
As per my daily routine, I was at my shop with my Papa when a customer came in who was showing off. He was telling me what he can do, that he can hack and that hacking is an art. Literally, I was like, you know who I am :) but I didn’t say anything to him.
After coming home, this small talk kept coming to my mind again and again :\
Then I thought, let’s do something which will let him know who I really am :)
So I started googling programs (Indian). Then I thought, let’s take a chance and target AirIndia.
But when I was searching for AirIndia’s bug bounty program, I found this :|
Which was very weird. Why are they not providing bounties or financial support? Then I told myself, let’s do it only because of my pride, my country “India” :)
After a few minutes of recon, I found that most of AirIndia’s web applications are running “IIS Windows”, so I started to gather XSS and SQL injection parameters, but I didn’t find any XSS or SQLi.
So I thought, let’s dig deeper, and I took one domain which was only for staff:
“*.airindia.in”
So I tried Admin:Admin but it didn’t work, so I tried “admin' or 1=1 -- -” but it also didn’t work. Then I thought, as the field says, let’s try some numbers, so I tried 45848 as the staff number and admin as the password, but no luck. Then I pasted “admin' or 1=1 -- -” in the password field and I was logged in.
I was like :
Then I tried multiple random staff numbers and it worked every time… :)
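Why a payload in the password field can log in under any staff number, shown as an added example that is not from the original write-up and is not AirIndia's code. The page does not show the backend, so the table, column and function names and the sample row are assumptions, with a string-concatenated login query set beside a parameterized one:

```python
import hashlib
import hmac
import sqlite3

PAYLOAD = "admin' or 1=1 -- -"  # the string quoted in the write-up

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data; schema is an assumption. The plaintext column
    # exists only so the concatenated query can be shown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (staff_no TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO staff VALUES (?, ?, ?, ?)",
               ("10001", "S3cret!pass", salt, hash_pw("S3cret!pass", salt)))
    return db

def login_vulnerable(db, staff_no, password):
    # Input is pasted into the SQL text. With PAYLOAD the WHERE clause parses as
    #   (staff_no = '..' AND password = 'admin') OR 1=1   -- rest is a comment
    # AND binds tighter than OR, so every row matches whatever staff_no was typed.
    sql = ("SELECT staff_no FROM staff WHERE staff_no = '" + staff_no +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, staff_no, password):
    # Bound parameter: the input is only ever data, never SQL syntax.
    row = db.execute("SELECT salt, pw_hash FROM staff WHERE staff_no = ?",
                     (staff_no,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    # Verify a salted hash in application code with a constant-time compare.
    return hmac.compare_digest(hash_pw(password, salt), pw_hash)

def demo():
    db = make_db()
    return {
        "vulnerable, unknown staff no + payload": login_vulnerable(db, "45848", PAYLOAD),
        "hardened, unknown staff no + payload": login_hardened(db, "45848", PAYLOAD),
        "hardened, real staff no + payload": login_hardened(db, "10001", PAYLOAD),
        "hardened, real credentials": login_hardened(db, "10001", "S3cret!pass"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'logged in' if ok else 'rejected'}")
```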
And my hacker mood was dancing like this :)
After poking around I found that it is indeed a critical one: I was able to add tenders.
After trying multiple times I still didn’t believe that I had bypassed the login of AirIndia, so I invited a very good friend, Harsh Banshpal.
And he told me to report it at cert-in.org.in, and we did report it.
And they told me this :
And after 1 week, when I was working on this writeup, I found that they had fixed the bug but hadn’t informed me, which was annoying :|
Timeline:
Reported the issue: Thu, Jan 27, 4:02 PM
Cert-in reply: Fri, Jan 28, 11:25 AM
Fix: within 5 days
There wasn’t any transparency during the vulnerability assessment, which I didn’t expect.
Happy hunting and keep growing hackers :)