As a bug hunter, discovering a vulnerability that rewards you for your efforts is always thrilling. Recently, I discovered a fascinating loophole in one of Google’s platforms, allowing me to unlock a paid feature for free — all by tweaking a single parameter.
The Discovery
It started with my exploration of Google’s cloud services. Among the various tools, there’s a Messenger service. This tool helps developers add conversational agents to websites and typically requires a billing account to enable.
Here’s how I found it:
1. Creating an Account: I signed up, set up a project and created a new agent.
2. Finding the Integration: I navigated to the integrations section where Messenger awaited, locked behind a billing requirement.
3. Intercepting the Request: Using Burp Suite, I intercepted the network traffic while trying to enable the feature.
4. Upon intercepting the traffic, I noticed a response from the server.
JSON Response:
{
  "name": "projects/agent-name/billingInfo",
  "projectId": "agent-name",
  "billingAccountName": "",
  "billingEnabled": false
}
Here was the trick: the "billingEnabled": false parameter was stopping me. What if I simply changed it to true?
Using Burp Suite, I modified the response to: "billingEnabled": true
Forwarding this altered response, I attempted to enable Messenger again — and it worked! The paid features activated without requiring a billing account.
The Impact:
It allowed anyone with basic interception skills to access premium features for free, leading to potential revenue loss for Google. Realizing the gravity of this, I promptly reported the issue.
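The root cause described above is a billing gate that exists only in the client's reading of the billingInfo response. As an added example (not code from the original post or from Google; the function names, project IDs and in-memory store are constructed assumptions), this models an enable endpoint that relies on the client-side gate beside one that re-checks billing on the server:

```javascript
// Constructed model of the flaw class in this write-up; every name here is hypothetical.
// Authoritative billing records, held server-side (constructed sample data).
const billingStore = new Map([
  ["paid-project", { billingAccountName: "billingAccounts/EXAMPLE", billingEnabled: true }],
  ["free-project", { billingAccountName: "", billingEnabled: false }],
]);
const enabledIntegrations = new Map(); // projectId -> Set of integration names

// Builds the billingInfo document the UI reads (same shape as the response on the page).
function getBillingInfo(projectId) {
  const rec = billingStore.get(projectId) || { billingAccountName: "", billingEnabled: false };
  return { name: `projects/${projectId}/billingInfo`, projectId, ...rec };
}

function activate(projectId, integration) {
  if (!enabledIntegrations.has(projectId)) enabledIntegrations.set(projectId, new Set());
  enabledIntegrations.get(projectId).add(integration);
  return { status: 200, enabled: true };
}

// Weak: assumes the UI already checked billing, so whatever the client
// believes about billingEnabled decides whether this call is ever made.
function enableIntegrationWeak(projectId, integration) {
  return activate(projectId, integration);
}

// Hardened: the state-changing endpoint re-derives billing status from the
// server's own record. clientState is accepted only to show it is ignored.
function enableIntegrationHardened(projectId, integration, clientState = {}) {
  const billing = getBillingInfo(projectId);
  if (!billing.billingEnabled) {
    return { status: 403, enabled: false, error: "BILLING_REQUIRED" };
  }
  return activate(projectId, integration);
}

// What the client holds after its copy of the response was altered in transit.
function tamperedClientState(projectId) {
  return { ...getBillingInfo(projectId), billingEnabled: true };
}
```

With the hardened handler, an altered copy of billingInfo changes only what the UI displays; the enable call for a project without billing is still rejected.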
Conclusion:
This experience was a reminder of how even small oversights can lead to significant vulnerabilities in targets like Google.
Rewarded with $500 : )
Thanks for reading!!