DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Backstage access: an unauthenticated SQL injection in Front Gate Tickets

Quality: 8/10 Relevance: 9/10

Summary

The article exposes an unauthenticated SQL injection in Front Gate Tickets' device API, enabling read access to a large customer and staff data store and potentially full administrative control via password reset tokens. It also discusses bypassing a AWS WAF and the impact of the breach, including ticketing manipulation and credential exposure, followed by disclosure and vendor response. This highlights critical API security flaws and the need for robust input validation, authentication, and mitigations for SMB IT environments.

🚀 Service construit par Johan Denoyer