# How I Got Free Travel on Namma Metro

As someone who uses public transportation regularly, I rely on it to get me where I need to go quickly and efficiently. That’s why I was surprised to learn that I could travel for free on **Namma Metro** due to a critical bug that I discovered.

**Namma Metro** In November 2022 started **QR** based ticket system. The QR code ticketing system was introduced to offer a more convenient and faster way for passengers to access the metro system. With the QR code ticket, passengers don’t need to wait in long queues to buy physical tickets. Instead, they can simply purchase the QR ticket using the **Namma Metro** mobile app or through WhatsApp.

While testing the Namma Metro mobile app, I noticed the Purchase QR Ticket Option. Immediately set up my Burpsuite with Android Studio (`Rooted AVD with Frida setup`). Started capturing the request from the Namma Metro mobile app.

* Navigated into Purchase QR ticket
    
* Entered the Starting and Destination Point
    
* Capture the request and I observe that `unitFare` and `totalFare` parameter is passing the value of the ticket on the API response body.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358631228/8c6ec5dc-a048-4480-aa19-cd918c4c46e8.png align="center")

* Then Changed the value to `Rs.1` and Forwarded the request
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358706173/51fdf5c8-0e06-4c2c-a750-ebd0086d8cba.png align="center")
    
* The manipulated fare was updated
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358457172/773cbc73-91b5-4ee6-88c1-fb417bfae07c.png align="center")
    
* Then redirected to the payment page and made the payment through UPI
    
* After the Payment was successful and got the ticket for just `Rs.1`
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358424437/5e0cf721-8e51-4a39-8e4a-3739e36629d0.png align="center")

As a security researcher, I knew that this was a critical bug that needed to be reported immediately. I reached out to the **Namma Metro** team and provided them with all the details of the bug and how it could be exploited. They responded quickly and thanked me for bringing the issue to their attention.

Upon further investigation, the **Namma Metro** team discovered that the bug was caused by a misconfiguration in their payment gateway system. They immediately fixed the issue, and I was impressed with their swift action and dedication to ensuring the safety and security of their passengers.

I am proud to have contributed to making **Namma Metro** a safer and more secure system for all its passengers.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358093587/ee618629-4840-474e-80e1-9f6d790a7f22.png align="center")
