Using Inspect Element to Bypass Security restrictions | Bug Bounty POC

Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features.

 

About the Issue:

The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily thus as a Bug Bounty Tip decided to write this blog he. I’ll try to keep it as simple as possible.

POC:

When i created A free account i was Welcomed with the following message.

 

Which means that i only had limited features to use, I could have signed up for a free trial but who doesn’t love using everything for free.

So i decided to check around. and went to settings.

 

But all the paid options were disabled, thus it wasn’t possible for me to use them. As always the first thing i tried was to check the Source of the page.

While Checking All the Forms seems to be disabled.

 

 

Just changing

<fieldset disabled>

to

<fieldset enabled>

will enable the feature

 

And was able to use the features totally free. That’s all 😛 Hacking at it’s best 😇 As said “Sometimes, HACKING is Just someone spending more time on something than anyone else might reasonably expect” it’s always good to look into things that seems to be pointless.

About the Author

Muhammad Khizer Javed

Cyber Security Researcher,  Bug Bounty Hunter & Freelance Pentester.

2 thoughts on “Using Inspect Element to Bypass Security restrictions | Bug Bounty POC

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: