P Ranganathan learns ethical hacking: 17-year-old student learns ethical hacking in lockdown

Date: 2021-11-19

A 17-year-old schoolboy from Chennai has become well known in the world of ethical hacking. After learning ethical hacking online, this student helped to fix a flaw in the Indian Railway Catering and Tourism Corporation’s (IRCTC) online ticketing platform, which kept the personal information of millions of passengers from being exposed. The bug was an IDOR (Insecure Direct Object Reference) vulnerability, and it could also allow a hacker to cancel the booked train tickets of any other passenger.



P. Ranganathan alerted the computer emergency response team and informed India’s railway ticket booking platform IRCTC about the bug. This saved users’ data from being hacked. The problem with the IRCTC platform allowed hackers to access the private information of millions of passengers. Imagine a secret passage on the IRCTC website that led to the private details of millions of passengers. Ranganathan not only found the error but immediately reported it to CERT-IN.

P. Ranganathan (17) is a Commerce student in Class XII at a private school in Tambaram, Chennai. During the lockdown, he started learning ethical hacking online. Today, he has found and corrected errors in many national and international websites. Like other children, P. Ranganathan spends a lot of time in front of a computer screen, but he does not spend it playing online games or watching series. He does bug bounty work in his spare time, and this trait sets him apart from other kids.

According to P. Ranganathan, one day he was booking a train seat for a family member on the IRCTC website when he found a major defect. It was a mere coincidence. He says, “I was not looking for bugs; in fact, I was booking tickets online. As soon as I completed all the formalities of booking the ticket, I received a Critical Insecure Object Direct Reference (CIODR) vulnerability on the website including name, gender, age, PNR number, train details and departure station and date of departure. Other travelers. Able to access travel details of

Ranganathan said that since the back-end code was the same, a hacker could take advantage of this error on the IRCTC website to cancel tickets as well as change the boarding station of passengers, order meals, and make hotel, tourist package and bus bookings. The biggest risk from this error was the leak of a large database of millions of passengers.

How the problem was solved

When Ranganathan informed the CERT about the bug at the IRCTC, the CERT created a ticket for the issue within minutes. Ranganathan told CERT in the mail: first go to the ticket history of your account, turn on Burp Suite and click on any ticket. Now change the transaction ID, which will give you access to another ticket, where you will get all the sensitive data. Here you can also cancel someone’s ticket. Ranganathan explains that the bug was fixed five days after the information was received. The IRCTC also admitted that there was a bug on their website, and they received testimonials.
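The flaw described above, a ticket looked up by a client-supplied transaction ID with no ownership check, shown next to a server-side fix. This is an added example, not IRCTC's code: `Ticket`, `TICKETS`, `get_ticket`, `cancel_ticket`, `suspicious_users` and the sample data are hypothetical.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller does not own the requested ticket."""

@dataclass
class Ticket:
    transaction_id: int
    owner: str          # account that made the booking
    passenger: str
    pnr: str
    cancelled: bool = False

# Constructed sample data, not real bookings.
TICKETS = {
    1001: Ticket(1001, "alice", "A. Kumar", "PNR-0001"),
    1002: Ticket(1002, "bob", "B. Singh", "PNR-0002"),
}
AUDIT = []  # (user, transaction_id, action) for every denied request

def get_ticket_vulnerable(session_user, transaction_id):
    # IDOR: trusts the client-supplied ID and never compares it to the session.
    return TICKETS[transaction_id]

def _authorize(session_user, transaction_id, action):
    ticket = TICKETS.get(transaction_id)
    # Same error for "missing" and "not yours" so valid IDs are not revealed.
    if ticket is None or ticket.owner != session_user:
        AUDIT.append((session_user, transaction_id, action))
        raise Forbidden("ticket not found")
    return ticket

def get_ticket(session_user, transaction_id):
    return _authorize(session_user, transaction_id, "view")

def cancel_ticket(session_user, transaction_id):
    # Shared back-end path: every action reuses the same ownership check.
    ticket = _authorize(session_user, transaction_id, "cancel")
    ticket.cancelled = True
    return ticket

def suspicious_users(threshold=3):
    # Detection: repeated denied lookups suggest an account is walking IDs.
    counts = {}
    for user, _tid, _action in AUDIT:
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)
```

Because the article notes that cancellation and other actions shared the same back-end code, the ownership check sits in one helper that every action calls.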

Ranganathan said that prior to this success, he had reported security vulnerabilities he discovered in the web applications of organizations such as LinkedIn, the United Nations, Nike and Lenovo, which led to him receiving security offers and gratitude from several companies. Ranganathan wants to pursue a career in computer science, continuing his research into the security of web applications.