A critical unauthenticated SQL injection vulnerability in Front Gate Tickets (FGT), a Live Nation/Ticketmaster subsidiary that powers ticketing for major US festivals including EDC, Bonnaroo, and Outside Lands, allowed full administrative takeover of the platform with help from Anthropic’s Claude AI model.
The researcher Ian Carroll noticed that nearly every major US festival funneled ticketing through the same handful of aging FGT domains. While fuzzing the fgtapi.frontgatetickets.com API with the tool ffuf, they found that any endpoint path containing the word “device” triggered a distinct error requiring a deviceUID parameter, exposing unauthenticated middleware tied to on-site scanner and box-office hardware.
Testing revealed that a deviceUID value of 12345 succeeded, but appending a single quote caused the request to hang, indicating the parameter was concatenated directly into a raw SQL query without sanitization.
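The failure mode described here, a bare single quote breaking the statement because the parameter is spliced into the SQL text, is the defect a parameterized query removes at the source, independently of any WAF in front of the endpoint. The following is an added illustration, not code from Front Gate Tickets or from the write-up: it uses an in-memory sqlite3 database as a stand-in for the MySQL backend, and the table and column names (device, device_uid, name) are assumptions, since the page does not show the real schema.

```python
import re
import sqlite3

# Constructed stand-in for the device lookup the page describes. sqlite3
# replaces MySQL so this runs offline; table/column names are assumptions.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE device (device_uid TEXT PRIMARY KEY, name TEXT)")
_conn.executemany(
    "INSERT INTO device VALUES (?, ?)",
    [("12345", "MC70-023"), ("67890", "Intellitix Upload")],
)

# Allow-list for the identifier shape: a plain integer, nothing else.
_DEVICE_UID_RE = re.compile(r"^[0-9]{1,20}$")


def lookup_vulnerable(device_uid: str):
    """The pattern the page attributes to the endpoint: the caller's value is
    concatenated into the SQL text, so a quote becomes part of the grammar."""
    sql = f"SELECT name FROM device WHERE device_uid = '{device_uid}'"
    row = _conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(device_uid: str):
    """Hardened form: the value is bound as a parameter and the engine never
    parses it as SQL, whatever characters it contains."""
    row = _conn.execute(
        "SELECT name FROM device WHERE device_uid = ?", (device_uid,)
    ).fetchone()
    return row[0] if row else None


def lookup_hardened(device_uid: str):
    """Defence in depth: reject anything that is not a numeric identifier
    before touching the database, then use the bound-parameter query."""
    if not _DEVICE_UID_RE.fullmatch(device_uid):
        return None
    return lookup_parameterized(device_uid)


def probe(device_uid: str) -> dict:
    """Run one input through all three handlers and report what each did, so
    the effect of the stray quote (an SQL error in the raw version, a harmless
    no-match in the other two) is visible side by side."""
    result = {}
    try:
        result["vulnerable"] = lookup_vulnerable(device_uid)
    except sqlite3.OperationalError as exc:
        # The local equivalent of the request erroring or hanging server-side.
        result["vulnerable"] = f"SQL ERROR: {exc}"
    result["parameterized"] = lookup_parameterized(device_uid)
    result["hardened"] = lookup_hardened(device_uid)
    return result


if __name__ == "__main__":
    for uid in ("12345", "12345'", "abc"):
        print(repr(uid), probe(uid))
```

Running the script shows the raw-concatenation handler failing on the quoted input while both hardened handlers simply return no match; the allow-list check is what keeps malformed identifiers from ever reaching the database layer.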
Bypassing the WAF With Claude
Although the endpoint sat behind an AWS Web Application Firewall, conventional tools like sqlmap failed to gain traction. The researcher then handed the problem to Claude Code running the Opus model, which discovered that the WAF only inspected the outer layer of input, meaning injection payloads nested inside a derived subquery slipped through undetected.
Because the endpoint returned no direct query output, Claude engineered a boolean-based blind SQL injection using a MySQL quirk where a string like 'x' added to a number coerces to zero.
Payloads of the form deviceUID = x'+(SELECT CASE WHEN , caused the response to toggle between two real device names (“MC70-023” for true, “Intellitix Upload” for false), creating a reliable oracle for extracting data one bit at a time.
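A boolean oracle of this kind leaves a recognisable trace in access logs: one client sending many requests to the device endpoints with a deviceUID that is not a plain number, with responses that flip between two fixed sizes. The detection logic below is an added example written for this write-up, not anything the vendor or the researcher published; the log lines, IP addresses and path /v1/device/status are constructed, and only the "device" endpoint family and the deviceUID parameter name come from the article.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Combined-log style line: ip ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
# A legitimate device identifier is a plain integer, as the 12345 that worked.
NUMERIC_UID = re.compile(r"^[0-9]{1,20}$")


def _line(ip: str, uid: str, status: int, size: int, sec: int) -> str:
    """Build one constructed log line (helper for the sample data below)."""
    return (f'{ip} - - [01/May/2025:10:00:{sec:02d} +0000] '
            f'"GET /v1/device/status?deviceUID={uid} HTTP/1.1" {status} {size}')


# Constructed sample: two normal scanner check-ins, then one client repeating a
# malformed (quoted, even double-encoded) deviceUID while the response size
# alternates between two values, the traffic shape of a blind oracle.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.5", "12345", 200, 118, 1),
     _line("198.51.100.5", "67890", 200, 125, 2),
     _line("203.0.113.7", "12345", 200, 118, 3),
     _line("203.0.113.7", "12345%27", 504, 0, 4)]
    + [_line("203.0.113.7", "12345%2527", 200, 118 if i % 2 else 125, 5 + i)
       for i in range(5)]
)


def parse_line(line: str):
    """Parse one log line into a dict; returns None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes once; a second unquote normalises double-encoding
    # so the check sees the value the backend would eventually see.
    rec["device_uids"] = [
        unquote(v)
        for v in parse_qs(parts.query, keep_blank_values=True).get("deviceUID", [])
    ]
    return rec


def is_suspicious(rec) -> bool:
    """True when a device endpoint received a deviceUID that is not numeric."""
    if "device" not in rec["path"].lower():
        return False
    return any(not NUMERIC_UID.fullmatch(v) for v in rec["device_uids"])


def analyze(log_text: str, threshold: int = 5) -> dict:
    """Count malformed deviceUID requests per client and raise an alert for
    any client at or above the threshold (repetition is the oracle's signature)."""
    per_ip = Counter()
    examples = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_suspicious(rec):
            continue
        per_ip[rec["ip"]] += 1
        if len(examples[rec["ip"]]) < 3:
            examples[rec["ip"]].append(rec["device_uids"][0])
    alerts = [
        {"ip": ip, "count": n, "samples": examples[ip]}
        for ip, n in per_ip.items() if n >= threshold
    ]
    return {"suspicious_per_ip": dict(per_ip), "alerts": alerts}


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG)["alerts"]:
        print(f"ALERT {alert['ip']}: {alert['count']} malformed deviceUID "
              f"requests, e.g. {alert['samples']}")
```

The threshold is deliberately low because a genuine scanner only ever sends numeric identifiers, so even a handful of malformed values from one source is worth a look; decoding the parameter fully before inspecting it is the point a filter that only looks at the outer, raw form misses.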
The underlying fgs database contained more than 500 tables, including staff credentials, customer records, and live authentication tokens.
| Table | Sensitive fields exposed |
|---|---|
| FGS_USER | Email, passcode, passcode2, permissions JSON |
| PERSON | Email, passcode, reset token |
| RESET_TOKEN / API_TOKEN | Live, redeemable session and OAuth tokens |
By reading a live entry from the RESET_TOKEN table after triggering a password reset, the researcher hijacked an administrator account without ever knowing its password, gaining full write access to every festival on the platform, including inventory, pricing, and checkout systems.
With administrator access, an attacker could issue unlimited free “comp” tickets to any festival, search customer order databases at will (a test search for “chris” returned thousands of records), and read or redeem password reset tokens to hijack staff and customer accounts platform-wide.
The researcher stopped short of exfiltrating bulk data, stating the point was proven once EDC- and Bonnaroo-level administrative control was achieved from a single unauthenticated GET request.
Notably, Front Gate Tickets and Live Nation had no publicly listed security contact, forcing the researcher to guess a valid disclosure email. The vendor reportedly fixed the flaw quickly and indicated a bug bounty program is forthcoming.
This case underscores a growing trend of AI-assisted vulnerability research, in which large language models like Claude can autonomously reverse-engineer WAF logic and construct multi-stage blind injection exploits with minimal human guidance. The same pattern appears in Anthropic’s own disclosure of AI-orchestrated attacks and in independent tests in which AI agents exploited SQL injection flaws without explicit hacking instructions.
Legacy ticketing infrastructure handling both consumer sales and physical box-office operations remains an attractive target given the scale of personal and financial data involved.