Skip to content

Instantly share code, notes, and snippets.

@krushna06

krushna06/IRCTC Booking Extension Exploit.md

Last active March 9, 2025 11:12
Show Gist options
  • Save krushna06/2599ded645998bd9cda651387054ba41 to your computer and use it in GitHub Desktop.
Save krushna06/2599ded645998bd9cda651387054ba41 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
IRCTC Booking Extension Exploit.md

Force Active Plan for IRCTC Quick Tatkal

🧐 How I Discovered This Bug

While looking at the authentication checker code of Chrome extension (IRCTC Quick Tatkal), I noticed that it verifies the active status from chrome.storage.local. This check could be easily modified, allowing me to fool the authentication system into thinking I had an active plan. However, as soon as I visited the IRCTC website, the extension would reset my plan status to Inactive, revealing a Storage Overwrite Vulnerability. image

While using a Chrome extension (IRCTC Quick Tatkal) that interacts with irctc.co.in, I noticed that my subscription plan status would revert to inactive upon visiting the website. After inspecting chrome.storage.local, I found that the extension modifies the stored plan status when accessing IRCTC, effectively locking out users who should have active access.

How It Works

  • Intercepts tab updates in Chrome.
  • Detects when a user opens https://www.irctc.co.in/.
  • Automatically forces the plan to "A" in chrome.storage.local, overriding any extension-imposed reset.

Code Explanation

The script utilizes Chrome’s chrome.tabs.onUpdated.addListener() method to monitor tab updates. When the IRCTC website fully loads, the script forces the plan value in chrome.storage.local to "A" (Active). This ensures the extension remains in an unlocked state, preventing it from disabling premium features.

Code Implementation

chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
    if (changeInfo.status === "complete" && tab.url.includes("irctc.co.in")) {
        console.log("🚨 IRCTC opened! Forcing Active Plan...");
        chrome.storage.local.set({ plan: "A" }, () => {
            console.log("✅ Plan forced to Active!");
        });
    }
});

Usage

1️⃣ Open the Chrome Extension Console

  1. Go to edge://extensions/ (or chrome://extensions/).
  2. Enable Developer Mode.
  3. Click "Inspect views" → "background page".
  4. Open the Console tab.

2️⃣ Paste & Run the Script

Copy and paste the script into the background page console and hit Enter.

3️⃣ Test It

  • Open the extension POPUP & click "Book".

  • Open the Console of the extension (F12 → Console tab) and check for:

    🚨 IRCTC opened! Forcing Active Plan...
✅ Plan forced to Active!

Note

I keep mentioning Chrome though the extension vulnerability occurs on all browsers... so any would be fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment