[BugBounty] how do I get a premium tier account without paying a penny
Hello, after a long time of not writing, I wanted to write something unique. What I found here is a privilege escalation in which attackers can get premium-tier accounts without paying. I found the bug in a private program on Bugcrowd. To protect the program's privacy and keep things easy to follow, I will call it marzuki.com.
marzuki.com has two account tiers, free and premium, and there is no trial. Users must purchase a subscription for $50 per month to become premium. A few weeks ago I tested marzuki.com but missed the registration endpoint, and this bug lives in registration: a vulnerable parameter lets an attacker obtain a premium account without paying.
OK, let's go to the enumeration step to find the parameters. You can use Param Miner (it now supports POST JSON parameters as well as query and form parameters).
You can follow its progress with the Logger++ Burp extension.
You can also use Arjun or other parameter-discovery tools.
A good article on finding hidden parameters: https://medium.com/geekculture/params-discovering-hidden-treasure-in-webapps-b4a78509290f
The request after I ran Param Miner and found the hidden parameter; sending it upgrades the account to premium without paying a penny.
The report was submitted and the bounty was paid within three days.
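As an added example (not code from the original post or from the program it describes), the script below reduces the enumeration step above to its core and puts a hardened signup handler beside the vulnerable one. Everything in it is hypothetical and constructed: the candidate-name list, the `vulnerable_signup` and `hardened_signup` handlers, the control key `zzqx_control_1234` and the signup body. The real parameter name found on marzuki.com is not given in the post and is not reproduced here.

```python
"""Hidden JSON-parameter discovery for a signup endpoint, with the server-side fix.

Constructed example: the handlers, the candidate list and the bodies are hypothetical
stand-ins, not marzuki.com's real code or the real parameter name.
"""
import json

# Hypothetical candidate names; a real run would use a Param Miner / Arjun wordlist.
CANDIDATES = ["tier", "plan", "premium", "is_premium", "role",
              "subscription", "admin", "trial", "account_type"]

# Constructed baseline signup body (the fields the UI actually sends).
BASE_BODY = {"email": "tester@example.com", "password": "Str0ng-Passw0rd!"}

# Junk key used as a control: shows how the endpoint reacts to *any* unknown key,
# so that a generic "unknown field" reply is not mistaken for a hit.
CONTROL_NAME = "zzqx_control_1234"


# --- vulnerable handler: mass assignment of client-supplied fields -------------
ACCOUNT_FIELDS = {"email", "name", "tier", "newsletter"}

def vulnerable_signup(body):
    """Creates an account from the JSON body; any key matching a model field is copied in."""
    account = {"email": body["email"], "name": "", "tier": "free", "newsletter": False}
    for key, value in body.items():
        if key in ACCOUNT_FIELDS:
            account[key] = value      # BUG: "tier" is settable by the client, no payment needed
    return {"status": 201, "account": account}


# --- hardened handler: allowlist the request, decide tier server-side ---------
ALLOWED_FIELDS = {"email", "password"}

def hardened_signup(body):
    """Rejects unexpected fields; tier always starts as free and only changes after payment."""
    unknown = set(body) - ALLOWED_FIELDS
    if unknown:
        return {"status": 400, "error": "unexpected fields: " + ", ".join(sorted(unknown))}
    return {"status": 201, "account": {"email": body["email"], "tier": "free"}}


# --- discovery: the Param Miner idea, reduced to its core ----------------------
def _normalise(resp, name):
    """Serialise a response with the probed name blanked out, so a merely reflected key name is not a diff."""
    return json.dumps(resp, sort_keys=True).replace(name, "<param>")

def discover(send, base_body, candidates, probe_value="premium"):
    """Return {name: response} for every candidate whose presence changes the response
    in a way that a random unknown key does not. `send` is any callable body -> response."""
    baseline = send(dict(base_body))
    control = send(dict(base_body, **{CONTROL_NAME: probe_value}))
    control_norm = _normalise(control, CONTROL_NAME)
    hits = {}
    for name in candidates:
        resp = send(dict(base_body, **{name: probe_value}))
        norm = _normalise(resp, name)
        if norm != _normalise(baseline, name) and norm != control_norm:
            hits[name] = resp
    return hits


if __name__ == "__main__":
    print("vulnerable:", discover(vulnerable_signup, BASE_BODY, CANDIDATES))
    print("hardened:  ", discover(hardened_signup, BASE_BODY, CANDIDATES))
```

Against the vulnerable handler only `tier` is reported, with the returned account already at `premium`; against the hardened handler nothing is reported, because every probe produces the same `400 unexpected fields` reply that the random control key does. In a real engagement `send` would be a thin wrapper around an HTTP client that returns the status and parsed body; the two-reference comparison (baseline plus a random control key) is what keeps a generic unknown-field rejection from being reported as a hit.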
When you test a program, don't miss any features. I had tested this program a few weeks earlier but missed the signup feature. Browse like a regular user, go through every available feature, and then think about what shouldn't be possible. Try fuzzing every request, whatever the method (GET, POST, PATCH, PUT). Hunting for hidden parameters is worthwhile because many hunters skip it. And Burp Suite is a great tool.