How to Find Business Logic and Broken Access Control Bugs

Hello Awesome Hackers, I hope you are all doing well!
My name is Mohamed Anani, aka 0xM5awy.

In this Write-Up, we will talk about how to find Business Logic and Broken Access Control bugs.

1. The first bug: there are 3 different types of subscriptions/plans, and nobody except the admin/owner of the team should be able to change/edit the plan.

2. The second bug: there are endpoints that let you add a comment (like a Facebook comment), and you should not be able to edit/delete the comments of other users, even if you are the owner.

3. The third bug: the Pro plan does not allow you to create more than one map, and if you want to create more than one you have to upgrade the plan!

4. The fourth bug: only the admin/owner should be able to duplicate maps; no one else should be able to do that!

5. The fifth bug: only the admin/owner should be able to edit/rename/delete/etc. the customization.

6. The sixth bug: only the admin/owner should be able to edit/rename/delete/etc. the settings of the team.

7. The seventh bug: the admin/owner can enable/disable the insights feature, and if the admin/owner turns this feature off, the viewer role should not be able to send any insights.

8. The eighth bug: there is an endpoint called (feature), and the viewer role should not be able to access/read/see it.
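Every bug in the list is a server-side check that was missing or bypassable. The block below is an added example, not code from the write-up or from the application it describes, showing what those checks look like when the server enforces them itself: roles, plan names, the one-map Pro limit and the "feature" endpoint are assumptions modelled on the list, and the role ranking and the other plan limits are invented for the example.

```python
# Added example (not from the write-up or the app it describes): the server-side
# checks whose absence produces the eight bugs above. Roles, plan names and the
# map limits are assumptions; only "Pro allows one map" comes from the text.
from dataclasses import dataclass, field
from typing import Optional

ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2, "owner": 3}
# Maps a plan may hold; None means unlimited (free/enterprise values are assumed).
PLAN_MAP_LIMIT: dict[str, Optional[int]] = {"free": 1, "pro": 1, "enterprise": None}


class Forbidden(Exception):
    """Raised when the acting user is not allowed to perform the action."""


@dataclass
class User:
    user_id: str
    team_role: str  # one of the keys of ROLE_RANK, taken from the session, never the request


@dataclass
class Team:
    plan: str
    insights_enabled: bool = True
    maps: list[str] = field(default_factory=list)
    settings: dict[str, str] = field(default_factory=dict)


@dataclass
class Comment:
    author_id: str
    body: str


def require_role(user: User, minimum: str) -> None:
    # Bugs 1, 4, 5, 6: every privileged endpoint re-checks the role on the server
    # instead of trusting a role or flag sent by the client.
    if ROLE_RANK[user.team_role] < ROLE_RANK[minimum]:
        raise Forbidden(f"{user.team_role!r} is below the required role {minimum!r}")


def change_plan(user: User, team: Team, new_plan: str) -> None:
    # Bug 1: only admin/owner may switch the subscription plan.
    require_role(user, "admin")
    if new_plan not in PLAN_MAP_LIMIT:
        raise ValueError(f"unknown plan {new_plan!r}")
    team.plan = new_plan


def edit_comment(user: User, comment: Comment, new_body: str) -> None:
    # Bug 2: ownership check; even the team owner may not edit someone else's comment.
    if comment.author_id != user.user_id:
        raise Forbidden("only the comment author may edit it")
    comment.body = new_body


def create_map(user: User, team: Team, name: str) -> None:
    # Bug 3: the limit is enforced from the server-side record of the team's plan.
    require_role(user, "member")
    limit = PLAN_MAP_LIMIT[team.plan]
    if limit is not None and len(team.maps) >= limit:
        raise Forbidden(f"plan {team.plan!r} allows at most {limit} map(s)")
    team.maps.append(name)


def duplicate_map(user: User, team: Team, source: str) -> None:
    # Bug 4: admin/owner only, and the copy still counts against the plan limit.
    require_role(user, "admin")
    if source not in team.maps:
        raise KeyError(source)
    create_map(user, team, f"{source} (copy)")


def update_settings(user: User, team: Team, key: str, value: str) -> None:
    # Bugs 5 and 6: customization and team settings are admin/owner only.
    require_role(user, "admin")
    team.settings[key] = value


def send_insight(user: User, team: Team, text: str) -> str:
    # Bug 7: the feature toggle is checked on the server for every role, not just hidden in the UI.
    if not team.insights_enabled:
        raise Forbidden("insights are disabled for this team")
    return f"{user.user_id}: {text}"


def read_feature(user: User, team: Team) -> dict[str, str]:
    # Bug 8: the (feature) endpoint checks the role; hiding the link from viewers is not enough.
    require_role(user, "member")
    return {"plan": team.plan, "insights": str(team.insights_enabled)}


def allowed(action, *args) -> bool:
    """Run an action and report whether the authorization checks let it through."""
    try:
        action(*args)
        return True
    except Forbidden:
        return False
```

The point of `allowed` is that each test case is exactly one of the probes a tester would send: a viewer hitting an admin endpoint, a Pro team creating a second map, an owner editing a viewer's comment. If the server's own checks raise `Forbidden` for all of them, the UI restrictions the write-up lists are no longer the only thing standing in the way.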

None of these vulnerabilities come from recon or automation. They come from understanding the app/website and trying to do things the app/website doesn't allow you to do, like manipulating roles/plans, or trying to buy things without paying, which is what we did in the last Write-Up (you can read it here), or trying to exploit a feature the app/website gives you for free to get a bug, as we did in the last Write-Up (you can read it here). That is the end of our writing for today.
