A flaw caused a significant loss for PVR Cinemas!
A vulnerability on their website enabled attackers to purchase gift cards for just ₹1, causing losses of more than ₹50 lakh. The gift card option was eliminated by PVR, and cyber cells are looking into the matter.
PVR Cinemas is an Indian multiplex chain based in Delhi. It was formed as a result of the merger between PVR Cinemas and INOX Leisure Multiplex.
Understanding how attackers hacked PVR
This weakness allowed hackers to dump cards through parameter tampering. Let us examine what is meant by parameter tampering.
Parameter Tampering
Parameter tampering is a web attack in which application data exchanged between the client and the server, such as price information, user credentials, and permissions, is modified in order to interfere with the application's business logic.
When a web application uses hidden fields to store status information, a malicious user can change that information by manipulating the values stored in their browser. An online retailer, for instance, uses hidden fields to identify its products in the manner shown below:
<input type="hidden" id="1008" name="cost" value="70.00">
In this case, the cost of a particular item can be decreased by an attacker by altering its “value” informa
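The server-side check that closes this gap, as an added example that is not code from the original post or from PVR: a handler that trusts the hidden "cost" field beside one that bills from its own catalogue. The catalogue, the "product_id" and "qty" field names, the quantity limit and both sample form bodies are constructed assumptions.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side catalogue: the only authoritative source of prices.
CATALOGUE = {"1008": Decimal("70.00")}

# Constructed form bodies; "product_id" and "qty" are assumed field names.
HONEST = "product_id=1008&cost=70.00&qty=2"
TAMPERED = "product_id=1008&cost=1.00&qty=2"


class TamperedRequest(Exception):
    """A submitted field disagrees with what the server issued."""


def parse_form(body: str) -> dict:
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    # Reject duplicated parameters instead of silently picking one of them.
    if any(len(values) != 1 for values in fields.values()):
        raise TamperedRequest("duplicate form parameter")
    return {name: values[0] for name, values in fields.items()}


def charge_vulnerable(body: str) -> Decimal:
    # Weak pattern: the amount charged is whatever the browser sent back.
    form = parse_form(body)
    return Decimal(form["cost"]) * int(form["qty"])


def charge_hardened(body: str) -> Decimal:
    form = parse_form(body)
    price = CATALOGUE.get(form.get("product_id", ""))
    if price is None:
        raise TamperedRequest("unknown product id")
    qty = form.get("qty", "")
    # Quantity bounds (1 to 10) are an assumed business limit.
    if not (qty.isascii() and qty.isdigit() and 1 <= int(qty) <= 10):
        raise TamperedRequest("quantity out of range")
    # The price comes from the catalogue. A submitted cost is never used for
    # billing; a mismatch is rejected so it can be logged and alerted on.
    if "cost" in form and form["cost"] != str(price):
        raise TamperedRequest(f"client cost {form['cost']!r}, catalogue {price}")
    return price * int(qty)


if __name__ == "__main__":
    print("vulnerable, tampered:", charge_vulnerable(TAMPERED))
    print("hardened, honest:   ", charge_hardened(HONEST))
    try:
        charge_hardened(TAMPERED)
    except TamperedRequest as exc:
        print("hardened, tampered:  rejected:", exc)
```

The rejection path is also a detection point: a cost mismatch cannot happen through the normal page flow, so each one is worth logging with the account and session that sent it.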
Hackingblogs was able to find some of the real images of the attack vector being portrayed