Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features.
The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily thus as a Bug Bounty Tip decided to write this blog. I’ll try to keep it as simple as possible.
POC:
When I created A free account I was Welcomed with the following message.
This means that I only had limited features to use, I could have signed up for a free trial but who doesn’t love using everything for free.
So I decided to check around. and went to settings.
But all the paid options were disabled, thus it wasn’t possible for me to use them. As always the first thing i tried was to check the Source of the page.
While Checking All the Forms seems to be disabled.
Just changing
<fieldset disabled>
to
<fieldset enabled>
will enable the feature
And was able to use the features totally free. That’s all 😛 Hacking at its best 😇 As said “Sometimes, HACKING is Just someone spending more time on something than anyone else might reasonably expect” it’s always good to look into things that seem to be pointless.
Post Views: 213