An Ethical Hacker Reveals How He Booked a Flight From India to the US for Just 1 Rupee!

Wait, there's more. He booked a flight to San Francisco for Re 1, booked another one for Rs. 4 and ended up getting a refund of Rs 2000. 😳 😳


Taking life *hacks* to a whole new level is this guy, Kanishk Sajnani, who has managed to turn everyone green with envy by booking absurdly cheap flights on several websites.

But wait, this isn't just about him using bugs to his advantage: this twenty-something has found holes in a lot of company websites and notified them about the bugs he discovered. Which was great. The bummer is that, apart from Air India, hardly any of the companies rewarded him with money or even recognition.


Sharing his experience on Medium, Kanishk recounted anecdotes from his hacking history involving Air India, SpiceJet, Cleartrip and a few more Indian websites. According to him, he did all of that in ONE month!


Sajnani revealed how he managed to book a flight to San Francisco for just Re 1, booked the next one for Rs 4 and ended up getting a refund of Rs 2000. He also booked a free spa and got a refund of Rs 1199, too.


Back in 2015, he found a bug in the Air India portal and booked himself a seat on a US-bound flight for just Re 1. Yep! He could have travelled the world for free, but no: instead, he sent them an email informing them about the bug.

Wait, there's more. Here's what happened with SpiceJet, as recounted in the screenshots he posted.

He thought the transaction would get flagged or someone would get in touch with him, but that didn't happen. The hacker said, "I decided to drop a mail to some senior official. Shockingly, I wasn't even able to find out the email addresses of their CEO or CTO or CMO. All I could manage to find were these (custrelations-nodalofficer & apppelateauthority@spicejet.com). With no choice left, I sent a similar email (like the one to Air India) to SpiceJet too. Their reply baffled me."

He then reached out to the General Manager, Mr Pradeep Shah (GM, Reservations), who asked him to forward the emails. Which he did, and this was the response he got:

"They sent me our previous correspondence in a .eml type file attached. *Double Facepalm* This time the mail was signed by their Nodal Officer. Either they didn't understand the point I made or they didn't like to acknowledge the fact that their security was compromised," he added.

Next on his list was Cleartrip. In March 2016, this hacker could have "booked flights, hotels, international holidays, trains, restaurant dates, massages, cultural events, sport activities. Anything for absolutely free." He shared screenshots of the exchange, in order.

(Screenshot: email to the co-founders)

He was asked if that could be discussed over a "quick call" but he refused to do that because:

"NEVER HAVE SUCH CONVERSATIONS OVER THE PHONE. A WRITTEN CORRESPONDENCE IS A MUST (YOU'LL HAVE PROOF IN CASE SOMETHING GOES WRONG). I MADE AN EXCUSE & ASKED HIM TO CONTINUE OVER HERE OR ON FACEBOOK."

He replied in writing. (Screenshots: his reply, and the trip he booked.)

Oh, and then he encountered failed transactions too.

"One of them was automatically processed as 'money paid but failed'. A refund request was generated. My Mobikwik wallet was credited with 1199 rupees."

He duly informed them about this too, and when he heard nothing back, he shot an email to the co-founders.

But there was no acknowledgment.

Here are his takeaways:

"What I've learnt from my experiences?
1. Indian companies don't pay the attention required for the security of their products.
2. No application/website is entirely secure. Chances are, maybe someone is already exploiting the bugs right under their nose.
3. The only way they understand the importance of bug bounty programmes is through public humiliation. Damage control is obligatory once you get hacked. Best example: Ola Cabs.
4. Ethical hacking is rarely appreciated.
5. The process of resolution usually takes a lot of time here. I remember submitting a vulnerability to Mobikwik through their official programme. I was just able to brute force the OTP during account creation. They took like five weeks to get it over with & rewarded me with a sum of 2k ₹.

What needs to be changed?

1. Everything. From cyber laws to the way security is dealt with in our country.
2. Development & maintenance isn't everything. The company should be secure from any kind of hacking attempts. A leak of private customer details would mean a massive lawsuit coming your way. Every big startup/company should opt for a bug bounty programme or at least have a responsible disclosure policy. Platforms such as HackerOne or Bugcrowd can be used too.
3. Appreciate & acknowledge those who find loopholes in your system.
4. The cycle of bug identification, resolution and reward should be as fast as possible.
5. Companies that don't have their own security engineers can hire other firms to test their APIs."
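The OTP brute force he mentions in point 5 is worth seeing in code, because it is the kind of bug that looks harmless until you count the guesses. The example below is added here and is not Kanishk's code or Mobikwik's; it assumes a 4-digit numeric OTP (the page does not state the length, so that is an assumption) and contrasts a verifier with no attempt limit, which an attacker can simply walk through every code of, against one that locks the code after five wrong guesses, expires it after a TTL and burns it on first success.

```python
import secrets
import time

OTP_DIGITS = 4  # assumption: a short numeric OTP; the page does not state the length


def generate_otp(digits=OTP_DIGITS):
    """Cryptographically random numeric OTP, zero-padded to a fixed width."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


class WeakOtpVerifier:
    """Verifier with no attempt limit: every guess is checked, forever."""

    def __init__(self, otp):
        self.otp = otp
        self.locked = False  # never set; kept so brute_force() treats both alike

    def verify(self, guess):
        return guess == self.otp


class HardenedOtpVerifier:
    """Verifier that caps wrong guesses, expires the code and makes it single-use."""

    def __init__(self, otp, max_attempts=5, ttl_seconds=300, now=time.time):
        self.otp = otp
        self.max_attempts = max_attempts
        self.attempts = 0
        self.locked = False
        self._now = now                      # injectable clock, so expiry is testable
        self.expires_at = now() + ttl_seconds

    def verify(self, guess):
        if self.locked or self._now() > self.expires_at:
            return False                     # locked or expired: fail closed
        self.attempts += 1
        # constant-time comparison, so response timing does not leak matching prefixes
        if secrets.compare_digest(guess, self.otp):
            self.locked = True               # single use: burn the code on success
            return True
        if self.attempts >= self.max_attempts:
            self.locked = True               # too many wrong guesses: burn the code
        return False


def brute_force(verifier, digits=OTP_DIGITS):
    """Enumerate every possible code in ascending order.

    Returns (code, attempts) when the verifier accepts a guess, or
    (None, attempts) when the verifier locks before the code is found.
    """
    attempts = 0
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        attempts += 1
        if verifier.verify(guess):
            return guess, attempts
        if verifier.locked:
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    code = "7421"  # constructed sample code; real flows would call generate_otp()
    print(brute_force(WeakOtpVerifier(code)))      # ('7421', 7422)
    print(brute_force(HardenedOtpVerifier(code)))  # (None, 5)
```

A 4-digit code has only 10,000 possibilities, so against the weak verifier the attacker expects to win in about 5,000 requests, which is a few minutes of scripting, and the signup flow never notices. With the cap, a single code gives the attacker a 5 in 10,000 chance, and the lockout has to be enforced server-side per phone number or account (and ideally per source IP), not just in the app, or the attacker will simply request a fresh code and keep going.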

Serious talk aside, we're definitely very, VERY jealous!

What do you think?
