Payment Bypass via API Request to Activate Premium Plan on Private Bug Bounty Program


Sharat Kaikolamthuruthil

Hello Folks,

Welcome to another write-up of a High severity finding from a private bug bounty program.

So, this was a unique case, hence I decided to share it.

This program had set up a staging environment for testing purposes. They had recently introduced an option to activate a premium plan trial. I activated it & started testing the premium features. I was able to find a few bugs. Since I was testing this application for a few months, I had saved the project in Burp Suite. This step was crucial in uncovering the payment bypass bug, which we will see later.

A few months passed & once again I started poking around this application in the hope of finding new bugs. As I logged into the application, I noticed that the activate trial option had been removed. This meant that they were no longer allowing users to activate the premium trial plan. Users had to buy this by making a payment.

As I mentioned earlier, I had saved the project in Burp Suite. Thus, I had all the requests saved in it. I checked my Repeater tab & found the API request which was used to activate the premium trial plan.

Since my current account had premium already activated in it, I quickly created a new account in the
