Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
airline pnr bug
Posted by: raptor
Date: November 21, 2006 09:02AM

I just wanted to share a 'bug' in one of the airlines website I found a couple of months ago. This airline allows to book air tickets through their web interface. They generate a PNR after you choose an available flight but they activate it only when payment thorough credit card has been received. This PNR is stored in hidden variable and can be easily read in all subsequent pages.

So far so good, until they launched a scheme – "if your PNR ends with 00, you can fly for just X bucks, if ends with 50, you can fly just for Y bucks". The X and Y are something like 1$ and 10$ respectively.

Quite funny and serious bug, it underscores the problem that management is not aware of how their website works.

....and yea, i did not buy air tickets by exploiting this bug :-)

Options: ReplyQuote


Sorry, only registered users may post in this forum.