Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features.

 

About the Issue:

The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily thus as a Bug Bounty Tip decided to write this blog he. I’ll try to keep it as simple as possible.

POC:

When i created A free account i was Welcomed with the following message.

 

Which means that i only had limited features to use, I could have signed up for a free trial but who doesn’t love using everything for free.

So i decided to check around. and went to settings.

 

But all the paid options were disabled, thus it wasn’t possible for me to use them. As always the first thing i tried was to check the Source of the page.

While Checking All the Forms seems to be disabled.

 

 

Just changing

<fieldset disabled>

to

<fieldset enabled>

will enable the feature

 

And was able to use the features totally free. That’s all 😛 Hacking at it’s best 😇 As said “Sometimes, HACKING is Just someone spending more time on something than anyone else might reasonably expect” it’s always good to look into things that seems to be pointless.