Responsible Disclosure #in#india #CarnivalCinema

Hi Medium, whats up ?, Tolesh Kumar here hope your doing great & having fun learning from the community like I am.

What is this Post about ?

on 25 July 2018, i found some critical bugs at moviecardindia.com and carnivalcinema.com website which lead to disclose there user data, movie card data and user booking history. I share these information with them on same day via calling and mail these details to you also send message on LinkedIn to there CEO (Sony Ravindranath)and other security persons. But Its not complete here. I mail to there security persons but i don't get no responses yet. This is the sad truth in India where security no matters if you work hard and make awareness they don’t even reply and say thanks to you.

IF there is anything I missed or typed wrong , you can leave a comment or contact me at https://www.linkedin.com/in/urstkj

Here is the Bug POC

You can also Check Full POC files:-

SCREENSHOTS

TOLESH KUMAR (CYBER SECURITY EXPERT)

Written by

Experienced Computer Specialist with a demonstrated history of working in the information technology and services industry.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade