Posts

Showing posts from December, 2017

Escalating user privileges in a BBP

Hi folks, this post is about one of my recent findings in a private bug bounty program. Since the program refused public disclosure (I don't know why), I am not attaching any screenshots, but I will still try to explain the idea. Let's call the site example.com. example.com is a trading platform with a limited trial period, after which you have to spend $$ to renew your account. The most irritating part is that once your trial account expires, example.com lands you on https://example.com/subscription/expired every time. So I created a new trial account and started checking common endpoints like the profile page, account balance page, recent activities page, etc. Then I tried to fetch those endpoints with my old expired account, and every time I landed on https://example.com/subscription/expired :( Now the challenge was to somehow get and update information for my old expired account. Luckily they have an API which is used to fetch, update and t