Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features.

About the Issue:

The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily thus as a Bug Bounty Tip decided to write this blog. I’ll try to keep it as simple as possible.

POC:

When I created A free account I was Welcomed with the following message.

This means that I only had limited features to use, I could have signed up for a free trial but who doesn’t love using everything for free.

So I decided to check around. and went to settings.

But all the paid options were disabled, thus it wasn’t possible for me to use them. As always the first thing i tried was to check the Source of the page.

While Checking All the Forms seems to be disabled.

Just changing

<fieldset disabled>

to

<fieldset enabled>

will enable the feature

And was able to use the features totally free. That’s all 😛 Hacking at its best 😇 As said “Sometimes, HACKING is Just someone spending more time on something than anyone else might reasonably expect” it’s always good to look into things that seem to be pointless.