AI Used in Ticketmaster Attack to Score Free Tickets


Sarah Simpson
July 3, 2026

Key Takeaways

  • A critical SQL injection flaw in Front Gate Tickets (FGT), a Ticketmaster subsidiary, allowed full administrative takeover of its platform.
  • The vulnerability, found in API endpoints tied to on-site hardware, was unauthenticated and could be exploited via a single GET request.
  • Anthropic’s Claude AI model played a crucial role in bypassing the AWS Web Application Firewall (WAF) and crafting a blind SQL injection payload.
  • The flaw exposed sensitive data including staff credentials, customer records, and live authentication tokens across major US festivals.
  • The vulnerability has been patched, and Front Gate Tickets is reportedly establishing a bug bounty program.

A severe unauthenticated SQL injection vulnerability within Front Gate Tickets (FGT), a subsidiary of Live Nation/Ticketmaster, provided a pathway to complete administrative control over its platform. The platform powers ticketing for major US festivals like EDC, Bonnaroo, and Outside Lands, and the flaw was exploited with assistance from Anthropic’s Claude AI model.

Cybersecurity researcher Ian Carroll identified that a limited number of aging FGT domains handled ticketing for nearly all major US festivals. While conducting fuzzing operations on the fgtapi.frontgatetickets.com API using the ffuf tool, Carroll discovered that any endpoint path containing the term “device” would trigger a specific error, demanding a deviceUID parameter. This behavior exposed unauthenticated middleware linked to on-site scanner and box-office hardware.

Initial tests showed that providing 12345 as the deviceUID value resulted in a successful response. However, appending a single quote to this value caused the request to hang, a clear indicator that the parameter was being concatenated directly into a raw SQL query without proper sanitization.

Bypassing the WAF With Claude

The endpoint sat behind an AWS Web Application Firewall, and conventional tools like sqlmap proved ineffective against it. The researcher then turned to Claude Code, running the Opus model. Claude identified that the WAF performed only shallow inspection of input, so injection payloads nested within a derived subquery passed undetected.

Given that the endpoint did not return direct query output, Claude devised a boolean-based blind SQL injection technique. This method exploited a MySQL quirk where adding a string like 'x' to a number coerces the string to zero.

By constructing payloads such as deviceUID = x'+(SELECT CASE WHEN <COND> THEN 1 ELSE 0 END)-- -, the system’s response would toggle between two distinct device names: “MC70-023” for a true condition and “Intellitix Upload” for a false condition. This created a reliable oracle, enabling the extraction of data one bit at a time.

The underlying fgs database was found to contain over 500 tables, including highly sensitive information such as staff credentials, customer records, and live authentication tokens.

| Table | Sensitive fields exposed |
| --- | --- |
| FGS_USER | Email, passcode, passcode2, permissions JSON |
| PERSON | Email, passcode, reset token |
| RESET_TOKEN / API_TOKEN | Live, redeemable session and OAuth tokens |

By extracting a live entry from the RESET_TOKEN table after initiating a password reset, the researcher successfully hijacked an administrator account without ever needing to know its password. This provided full write access to every festival managed by the platform, including inventory, pricing, and checkout systems.

With administrative privileges, an attacker could generate an unlimited number of free “comp” tickets for any festival, freely search customer order databases (a test search for “chris” yielded thousands of records), and read or redeem password reset tokens to compromise staff and customer accounts across the entire platform.

The researcher stopped short of exfiltrating large volumes of data, emphasizing that the objective was to demonstrate the feasibility of achieving EDC- and Bonnaroo-level administrative control through a single unauthenticated GET request.

Notably, Front Gate Tickets and Live Nation did not have any publicly listed security contact information, forcing the researcher to guess at a valid disclosure email address. The vendor reportedly addressed the vulnerability swiftly and indicated that a bug bounty program is in development.

This incident highlights a growing trend in AI-assisted vulnerability research. Large language models like Claude are proving capable of independently reverse-engineering WAF logic and constructing complex, multi-stage blind injection exploits with minimal human intervention. This pattern has been observed in Anthropic’s own disclosures of AI-orchestrated attacks and in independent tests where AI agents successfully exploited SQL injection flaws without explicit hacking instructions.

The incident also underscores the persistent attractiveness of legacy ticketing infrastructure as a target. Such systems, which manage both consumer sales and physical box-office operations, often handle vast quantities of personal and financial data, making them high-value targets for malicious actors.

What You Should Do

  • Organizations should regularly audit and update their web application firewalls (WAFs) to ensure they can detect and mitigate sophisticated, nested injection attacks.
  • Implement robust input validation and parameterized queries for all database interactions to prevent SQL injection vulnerabilities.
  • Establish clear and easily discoverable security contact information (e.g., a security.txt file or a dedicated security email address) to facilitate responsible vulnerability disclosure.
  • Consider implementing a bug bounty program to incentivize ethical hackers to discover and report vulnerabilities before they can be exploited maliciously.
  • Regularly review and update security policies and practices, especially for legacy systems handling sensitive customer and operational data.
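
To make the parameterized-query recommendation concrete, the following added example (not code from the researcher or from Front Gate Tickets) contrasts a concatenated lookup with a bound, validated one, using the payload shape quoted above. Assumptions: the device table, its rows, the function names and the deviceUID format are constructed, and SQLite stands in for MySQL so the block runs offline; both coerce 'x' to 0 in arithmetic.

```python
import re
import sqlite3

# Payload shape quoted in the article; {cond} stands in for its <COND> slot.
PAGE_PAYLOAD = "x'+(SELECT CASE WHEN {cond} THEN 1 ELSE 0 END)-- -"
UID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # assumed deviceUID format

def make_db():
    """Constructed table and rows; the real FGT schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE device (uid TEXT, name TEXT)")
    db.executemany("INSERT INTO device VALUES (?, ?)",
                   [("0", "name-when-false"), ("1", "name-when-true"),
                    ("12345", "scanner-A")])
    return db

def lookup_vulnerable(db, device_uid):
    """Before: the parameter is concatenated into the SQL text."""
    sql = "SELECT name FROM device WHERE uid = '" + device_uid + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_bound(db, device_uid):
    """After: the value travels as a bound parameter, never as SQL."""
    row = db.execute("SELECT name FROM device WHERE uid = ?",
                     (device_uid,)).fetchone()
    return row[0] if row else None

def lookup_hardened(db, device_uid):
    """Allow-list validation first, then the bound query."""
    if not UID_RE.fullmatch(device_uid):
        raise ValueError("deviceUID failed validation")
    return lookup_bound(db, device_uid)

if __name__ == "__main__":
    db = make_db()
    for cond in ("1=1", "1=2"):
        value = PAGE_PAYLOAD.format(cond=cond)
        print(cond, "| concatenated:", lookup_vulnerable(db, value),
              "| bound:", lookup_bound(db, value))
```

With concatenation the returned name follows the truth of the condition, which is the oracle the article describes; with binding the same string is compared as a literal value and matches no row.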
