Showmax is an online subscription video on demand service which launched in South Africa on 19 August 2015. Showmax is employing a localisation strategy to take on established video on demand competitors, with a focus on local content and partnerships with mobile telcos.
After I saw a disclosed report on Twitter by @lordjerry0x01 (https://hackerone.com/reports/1077520),
I said wawww, $2000 for a parental pin bypass, let me bypass the pin too.
As I follow the same flow as @zseano, I hacked the main app.
The game begins
I started by creating an account, then clicking each button to understand how the app works.
After a few minutes I found the parental control endpoint. I then added a PIN code to the kids profile so that kids who are not 18+ can't watch adult series.
When browsing my Burp history, I found this: https://www.showmax.com/eng/parentalControlForm/%2Fhome/true
I decided to take a look at this URL, because most of the time you can bypass the protection by changing true to false, or false to true.
When I copied and pasted the URL in the kids profile, it disclosed the parental PIN.
Steps To Reproduce:
1. Log in to your Showmax account.
2. Add a parental PIN.
3. Go to https://www.showmax.com/eng/home
4. Click watch on a thriller.
5. You will be asked for the parental PIN.
6. Enter this URL in your browser: https://www.showmax.com/eng/parentalControlForm/%2Fhome/true
7. You will get the parental PIN without confirming your password.
8. Now you can change the parental PIN, bypassing the password confirmation for parental control.
Here is the disclosed report: https://hackerone.com/reports/1121169
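The root cause behind the steps above is a classic one: the trailing path segment of the parental-control URL is a client-controlled flag standing in for "the password was confirmed", and the form then hands back the PIN itself. The following is an added example, not Showmax's code, that models the flaw beside its fix: the vulnerable handler trusts the URL flag, while the hardened handler ignores anything the client says about verification state, keeps a short-lived "password recently confirmed" marker in the server-side session, and reports only whether a PIN exists. Every name, route, password and PIN value here is constructed for illustration.

```python
"""Added example, not Showmax's code: a minimal model of a parental-control
form endpoint, showing the flaw class the report describes and its fix.

The report's URL ends in a client-controlled path segment ('.../true'). The
vulnerable handler below trusts that segment as proof that the password was
confirmed. The hardened handler ignores anything the client sends about
verification state, keeps 'password recently confirmed' in the server-side
session with a short TTL, and never returns the PIN itself. All names, routes
and values are constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

REAUTH_WINDOW_SECONDS = 300  # constructed value: how long a confirmation stays valid


@dataclass
class Session:
    """Server-side session state (hypothetical). The client never sees these fields."""
    password_hash: bytes
    parental_pin: str
    pin_confirmed_at: Optional[float] = None  # epoch seconds of last password confirmation


def _hash_password(password: str) -> bytes:
    # Placeholder for a real password KDF (argon2/bcrypt); SHA-256 keeps the example offline.
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_demo_session() -> Session:
    # Constructed account: password "correct horse", parental PIN "1234".
    return Session(password_hash=_hash_password("correct horse"), parental_pin="1234")


def vulnerable_parental_form(session: Session, path_flag: str) -> dict:
    """Flawed pattern: the 'verified' decision is read from the URL path.

    Modelled on /parentalControlForm/<return_path>/<flag>: any client can send
    'true', so the check protects nothing and the form leaks the PIN.
    """
    if path_flag.lower() != "true":
        return {"status": 403, "body": {"error": "password confirmation required"}}
    return {"status": 200, "body": {"pin": session.parental_pin}}


def confirm_password(session: Session, password: str, now: float) -> bool:
    """Step-up authentication: records a fresh confirmation only on a correct password."""
    if hmac.compare_digest(session.password_hash, _hash_password(password)):
        session.pin_confirmed_at = now
        return True
    return False


def _recently_confirmed(session: Session, now: float) -> bool:
    return (
        session.pin_confirmed_at is not None
        and 0 <= now - session.pin_confirmed_at <= REAUTH_WINDOW_SECONDS
    )


def hardened_parental_form(session: Session, now: float, path_flag: str = "") -> dict:
    """Fixed pattern: path_flag is accepted for route compatibility but ignored.

    Access depends only on server-side confirmation state, and the response
    says whether a PIN exists rather than what it is.
    """
    if not _recently_confirmed(session, now):
        return {"status": 403, "body": {"error": "password confirmation required"}}
    return {"status": 200, "body": {"pin_set": session.parental_pin != ""}}


def hardened_change_pin(session: Session, new_pin: str, now: float) -> dict:
    """Changing the PIN needs the same recent confirmation plus a sane PIN format."""
    if not _recently_confirmed(session, now):
        return {"status": 403, "body": {"error": "password confirmation required"}}
    if not (new_pin.isdigit() and len(new_pin) == 4):
        return {"status": 400, "body": {"error": "pin must be 4 digits"}}
    session.parental_pin = new_pin
    session.pin_confirmed_at = None  # one confirmation authorises one sensitive change
    return {"status": 200, "body": {"pin_set": True}}


if __name__ == "__main__":
    s = make_demo_session()
    print("vulnerable:", vulnerable_parental_form(s, "true"))
    print("hardened, no confirmation:", hardened_parental_form(s, now=1000.0, path_flag="true"))
    confirm_password(s, "correct horse", now=1000.0)
    print("hardened, after confirmation:", hardened_parental_form(s, now=1010.0))
    print("change pin:", hardened_change_pin(s, "4321", now=1020.0))
    print("change again without reconfirming:", hardened_change_pin(s, "0000", now=1030.0))
```

Two design choices matter here. First, the confirmation marker lives in the session, so the URL flag is simply not an input to the authorization decision, which is what makes the true/false trick described above irrelevant. Second, the hardened form never echoes the PIN: a parental control form only needs to know that a PIN is set, and a change flow should ask for the new value, not display the old one. Clearing the marker after a successful change also limits what one confirmation can be used for.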
Thank you for taking the time to read my report.
You can find me on Twitter: https://twitter.com/moodiAbdoul