Backdoor link to booking page?


MadScientist

4 hours ago, clarkete said:

That year where someone (maybe @parsonjack?) identified a URL for a device which had no traffic was great too.

What can they beat the normal punters at BTW?

Maybe not me but that sounds like the year that someone at See made an error (?) in the DNS set up so that no requests were being directed to a particular load balancer IP.  A simple host file hack enabled requests to go to a virtually unused server and folks cleaned up until it got spotted by See and closed down.

It's all as tight as a duck's chuff these days... although I do keep an eye on the set up for any changes that could potentially be exploited.


7 minutes ago, incident said:

They probably should have configured their DNS correctly then, and it wouldn't be an issue.

He reckoned I should have phoned them up and told them the fix (I said I couldn't get thru on the phones, was busy 😛)


Lucky they didn't cancel all the transactions made via the unused server tbh. I think someone just did a lookup for all the A records for that zone and found the offline server or something. One year they just published all the wrong IPs in their DNS or something and someone knew what all the active ones were and posted them on here.


1 minute ago, Pinhead said:

Lucky they didn't cancel all the transactions made via the unused server tbh. I think someone just did a lookup for all the A records for that zone and found the offline server or something. One year they just published all the wrong IPs in their DNS or something and someone knew what all the active ones were and posted them on here.

Would they have been able to though? People would have gotten official confirmation emails from See, booking references, the money taken etc. 


My favourite was being able to adjust some script in the deposit payment window that made it possible to pay in full instead. I'll not go into details but thanks to an efestivals user tickets were sorted! One of the lesser known hacks that happen.


6 hours ago, DareToDibble said:

Would they have been able to though? People would have gotten official confirmation emails from See, booking references, the money taken etc. 

Technically? Yes, easily. They could identify transactions made through that server in a given time range.

Legally? Yes, easily. They could class it as Unauthorised Access under the Computer Misuse Act.

PR wise? Probably not, it'd be a nightmare both in terms of press coverage and also piss off thousands of their customers.


1 hour ago, incident said:

Legally? Yes, easily. They could class it as Unauthorised Access under the Computer Misuse Act.

Not sure I'd want to risk the cost of legal assistance to fight it but See might be on questionable ground to go with the 'unauthorised access' angle given it was their error that left the door open. 

It's a bit like an insurance company refusing to pay out on your nicked telly when it was yourself who left the back door unlocked I guess. 


29 minutes ago, parsonjack said:

Not sure I'd want to risk the cost of legal assistance to fight it but See might be on questionable ground to go with the 'unauthorised access' angle given it was their error that left the door open. 

It's a bit like an insurance company refusing to pay out on your nicked telly when it was yourself who left the back door unlocked I guess. 

The police would still issue a crime number in those circumstances, though, and in the unlikely event the person was caught they'd still be liable for prosecution.

See absolutely could have cancelled those transactions if they felt it appropriate, for any one of a variety of reasons, and any attempt to sue them over it would have been laughed out of court.

Though of course that was never likely to happen as See would then be left with however many thousand tickets needed shifting (so another sale needed?), they'd also piss all those people off, and would get a load of bad press including much wider knowledge of the fact that effectively they couldn't sort their own shit out.
