How I got 20,000 credits in my Shuttl App Account


A little perspective on the company: Shuttl offers a shuttle bus service to commuters, mainly office-goers in Delhi NCR.

My first tryst with it was when one of my friends casually mentioned a new service. I tried the app and loved the UI; it looked nice, but it was a little confusing to use, at least for me. The next time, another friend mentioned it and told me it had a bug that was giving away free cash every time you reinstalled it. I had recently started digging into the OWASP material and thought, let’s see what lies underneath.

I installed the app and, using the standard tools of the trade, reversed it, and voila: no ProGuard. So I sat down and read the code to see how they implemented this and that.

While exploring the server calls I came across the methods for fetching the credits a user has. There were a lot of other network calls too; we will skip those and go straight to an important feature of the app, transfer credit, which is where the magic happens. Using it, I transferred some 20k points, worth 10k in Rupees, to my account.

Let’s see how I did this.

  1. First, getting a user’s credits. This call required my user id, which can be seen on the recharge screen; mine is SUNNY9706, just in case you want to send some credits my way. I found they only used the last part (9706) of the id, which is sequentially generated. So they built a unique id out of the user’s first name and a generated number, and then used only the part that can be easily predicted.
  2. Moving on to transfer credit. This call required two people’s ids, the giver and the receiver, and the amount. I called my friend and asked for his id, promising free credit :P.
  3. So, filling in all the details and crossing my fingers, I hit send and voila, I had bankrupted my friend. Then I did the same with another of my friends. It was so much fun.
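The root cause described above is that the transfer call takes the giver’s id from the request body and never checks that it belongs to the authenticated caller, while the id itself is guessable. The block below is an added illustration and is not Shuttl’s code or the author’s; the request shape (giver, receiver, amount) comes from the post, while the in-memory ledger, the balances and the session handling are constructed for the example. It places the vulnerable pattern beside a hardened handler that debits only the authenticated user’s own account and also rejects the related edge cases (non-positive amounts, self-transfer, unknown receiver).

```python
from dataclasses import dataclass, field


class TransferError(Exception):
    """Raised when a credit-transfer request is rejected."""


@dataclass
class Ledger:
    """In-memory credit balances keyed by public account id (constructed sample data)."""
    balances: dict[str, int] = field(default_factory=dict)

    def balance(self, account_id: str) -> int:
        return self.balances.get(account_id, 0)


def transfer_vulnerable(ledger: Ledger, session_user: str,
                        giver: str, receiver: str, amount: int) -> None:
    """The pattern the post describes (constructed): the debited account is taken
    from the request body. session_user is the authenticated caller, but it is never
    compared with giver, so a caller who can guess an account id can move its credits."""
    if ledger.balance(giver) < amount:
        raise TransferError("insufficient credits")
    ledger.balances[giver] = ledger.balance(giver) - amount
    ledger.balances[receiver] = ledger.balance(receiver) + amount


def transfer_hardened(ledger: Ledger, session_user: str,
                      giver: str, receiver: str, amount: int) -> None:
    """Server-side fix: the only account a caller may debit is their own, and the
    amount and receiver are validated before any balance changes."""
    # Authorization: bind the giver to the authenticated identity, not to the request.
    if giver != session_user:
        raise TransferError("giver must be the authenticated user")
    # A negative amount would silently reverse the direction of the transfer.
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        raise TransferError("amount must be a positive integer")
    if giver == receiver:
        raise TransferError("cannot transfer to self")
    if receiver not in ledger.balances:
        raise TransferError("unknown receiver")
    if ledger.balance(giver) < amount:
        raise TransferError("insufficient credits")
    ledger.balances[giver] -= amount
    ledger.balances[receiver] += amount


def demo() -> tuple[int, int]:
    """Run both handlers on the same constructed ledger and return the receiver's
    balance after each. With the vulnerable handler the caller SUNNY9706 drains
    FRIEND0001; with the hardened handler the request is refused."""
    vulnerable = Ledger({"SUNNY9706": 0, "FRIEND0001": 20000})
    transfer_vulnerable(vulnerable, "SUNNY9706", "FRIEND0001", "SUNNY9706", 20000)

    hardened = Ledger({"SUNNY9706": 0, "FRIEND0001": 20000})
    try:
        transfer_hardened(hardened, "SUNNY9706", "FRIEND0001", "SUNNY9706", 20000)
    except TransferError:
        pass
    return vulnerable.balance("SUNNY9706"), hardened.balance("SUNNY9706")


if __name__ == "__main__":
    print(demo())
```

The public id a user shares to receive credits can stay guessable; what must never be guessable is the ability to debit an account, and that comes from the server tying the giver to the session rather than from hiding the id. Any request where the submitted giver differs from the session user is also a useful signal to log and alert on.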


The next logical and responsible step was to inform the Shuttl team. They did not take me seriously at first, so I took out some more credit and sent across a screenshot. That definitely grabbed some eyeballs.

Bug was reported on Aug 3 2015.


As of now the transfer credit system is down; they are migrating to a new API, as their founder told me.
