Unearthing Security issues in web apps Part-1
Ashok Chakravarthi Nagarajan
Posted on November 20, 2020
Security is the most important area, yet it is one which many application developers and their management never invest in.
Here is my story of how I found security issues effortlessly and was awarded a huge bounty.
Jazz Cinemas-Avengers-EndGame IMAX
Jazz Cinemas is the biggest cinema theatre company in India, where I was able to purchase 3 thousand rupees' worth of movie tickets, cold beverages and snacks for me and my friends for just one rupee. Yes, you heard it right.
The hacking technique was simple. I just intercepted the movie ticket cart purchase call with the help of the Burp Suite Community Edition app and modified the amount to just one rupee for the movie Avengers-EndGame IMAX.
Tada!! The purchase was successful. I was not sure if there would be a manual check at the theatre, but there was none. My friends and I were able to go to the movie theatre with the hack-produced ticket, and even at the interval we received our beverages and snacks.
They didn't find anything suspicious, or run a manual check, even after 10 days of the incident. Of course, what to expect from a corporate and the vulnerable IT team? But it's time to be honest with the victims. I mailed them the vulnerability details and acknowledged the issue. Felt proud!
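A server-side check that closes the amount-tampering gap described above, as an added example that is not part of the original post or the affected site's code. The catalogue, prices, field names and function names are assumptions. The server recomputes the total from item IDs and quantities, treats a differing client-supplied amount as a detection signal, and issues tickets only when the payment gateway reports exactly that amount.

```python
# Added example (hypothetical names): never trust an amount sent by the client.
# Constructed catalogue; prices are integers in paise (1 rupee = 100 paise).
CATALOGUE = {"imax-ticket": 50000, "cold-beverage": 15000, "snack-combo": 10000}
MAX_QTY = 10


class CartError(ValueError):
    """Raised when the cart cannot be priced from server-side data."""


def expected_total(items):
    """Recompute the total from SKU and quantity only; no client price is used."""
    if not items:
        raise CartError("empty cart")
    total = 0
    for sku, qty in items:
        if sku not in CATALOGUE:
            raise CartError(f"unknown sku {sku!r}")
        # Reject bools, non-integers, zero, negative and oversized quantities.
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise CartError(f"bad quantity for {sku!r}")
        total += CATALOGUE[sku] * qty
    return total


def create_order(request):
    """Price the order server-side; a client 'amount' is only compared for alerting."""
    total = expected_total(request["items"])
    claimed = request.get("amount")
    return {"amount_due": total,
            "tamper_alert": claimed is not None and claimed != total}


def confirm_payment(order, gateway_callback):
    """Issue tickets only if the gateway captured exactly the server-computed amount."""
    return (gateway_callback.get("status") == "captured"
            and gateway_callback.get("amount") == order["amount_due"])


if __name__ == "__main__":
    # Constructed request: a 3000-rupee cart with the amount rewritten to 1 rupee.
    req = {"items": [("imax-ticket", 4), ("cold-beverage", 4), ("snack-combo", 4)],
           "amount": 100}
    order = create_order(req)
    print(order, confirm_payment(order, {"status": "captured", "amount": 100}))
```

The `tamper_alert` flag is meant to feed logging or alerting, so a modified purchase call is noticed at request time rather than days later.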