
Issue Information

  • #003355

  • Issue

  • 0 - None Assigned

  • New Report

  • -

Issue Confirmations

  • Yes (6), No (2)

Exploit to Change Other Airline's Aircraft Configuration R5

Posted by Spirit Airlines on 01 February 2021 - 12:04 PM

So (as Air France in R5) I was messing around with URLs for changing individual aircraft configuration, trying to shorten the process by just typing in some of my IDs (to load fewer pages), and I found an exploit by accident. I accidentally entered someone else's aircraft number and was able to change their config. Now, I'm very sorry if you were affected by this (2 airplanes max) but I thought this should be brought to attention. I later checked this on a friend's airline in R5 and was able to change one of his A320s' configs (we're partnered on this so he doesn't mind) from 3F 21C 147Y to 3F 3C 176Y and videotape the whole thing. For some reason I can't upload an mp4 file here but am happy to send directly to a staff member via email if relevant.

 

Not sure if this should be posted here seeing as it is an exploit but I hope people will be responsible and not use it while the devs fix it.

 

Some IDs you can try it on in R5 (Q400s that I own - I don't mind):

 41764  41893 42042 42177 42320  42442  42594  42729 42885 42993  43148  43299 43446

 

I assume this is a sitewide issue but I've only tested in R5.


I can confirm this in S3-B. I didn’t actually go through with changing the config but this needs to be dealt with immediately. You access this by going to configure your own aircraft and changing the number at the end to a number of an aircraft that you don’t own. I could see it was a different airline’s aircraft because they had a different config than me. Since you could literally ruin an airline by changing their planes to all first class, this is extremely severe and game-breaking.




Thank you for confirming my analysis. This issue is, as you said, potentially game-breaking and needs to be addressed. Devs, I am happy to lend a hand on the programming side (not sure what is running the backend but I am proficient with quite a few low-medium level languages) if you are short on time.
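
The missing check described in this thread, shown as an added example that is not part of the original posts and not the game's own code: a configuration update that trusts the aircraft number from the URL, beside one that verifies the aircraft belongs to the airline in the session. The function names, data layout and aircraft ids are assumptions made for illustration.

```python
from dataclasses import dataclass

class NotFound(Exception):
    """Raised for a missing aircraft and for one the caller does not own."""

@dataclass
class Aircraft:
    id: int
    airline_id: int   # owning airline
    config: dict      # seats per class, e.g. {"F": 3, "C": 21, "Y": 147}

# Constructed sample data; ids and schema are hypothetical.
FLEET = {
    1001: Aircraft(1001, airline_id=1, config={"F": 3, "C": 21, "Y": 147}),
    2002: Aircraft(2002, airline_id=2, config={"F": 3, "C": 21, "Y": 147}),
}
DENIED = []  # (session airline, requested aircraft id) pairs, for alerting

def update_config_vulnerable(session_airline_id, aircraft_id, new_config):
    """The reported behaviour: the id from the URL is trusted as-is."""
    aircraft = FLEET[aircraft_id]
    aircraft.config = dict(new_config)   # no ownership check before the write
    return aircraft

def update_config_checked(session_airline_id, aircraft_id, new_config):
    """Write only if the aircraft belongs to the airline in the session."""
    aircraft = FLEET.get(aircraft_id)
    if aircraft is None or aircraft.airline_id != session_airline_id:
        # Same error for "missing" and "not yours", so responses do not
        # reveal which ids exist; the attempt is recorded for review.
        DENIED.append((session_airline_id, aircraft_id))
        raise NotFound(aircraft_id)
    aircraft.config = dict(new_config)
    return aircraft

if __name__ == "__main__":
    try:
        update_config_checked(1, 2002, {"F": 3, "C": 3, "Y": 176})
    except NotFound:
        print("cross-airline write refused; denied attempts:", DENIED)
```

The same ownership check belongs on the page that displays the configuration form, since the second post notes that another airline's config was visible before any change was submitted.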






