| ...to demystify some of what's being said: Imagine buyFlights.php?bash="cp+foo+bar;mv+bar+baz;etc..." Then imagine: buyFlights.php?sabre="1DFWSFO12JAN23FEB+etc..." If you've ever seen your passenger name come back as ALL UPPERCASE, it's likely been washed through the methuselah of systems, and those systems have lots of internal quirks and commands that may let you do things like switch seats, add a car, drop a passenger, change your meal preference, etc. "some/many ecomm front ends are really bad and you can do stuff you shouldn't" ...if you pay attention to what's going on "in the system", if there's an unprotected endpoint where you can say "LUNCH=vegetarian&&btw-duplicate-this-flight-then-cancel-and-issue-a-refund-in-cash", that's (sometimes) the level of badness in the different systems. Historically: SABRE was a spinoff of AA and one of the first real database / computer / IT companies. EaasySabre (ca. 1986!?!!) was one of the first "credit card over modem" applications (e.g., on Prodigy!) - https://www.travelweekly.com/Travel-News/Travel-Technology/S... ...lots of opportunity for "legacy" bugs hiding there. |