How I hacked Forbes India Website (excluding GST😁)
Before getting into the blog…
My humble suggestion for fellow mates…
“Priorities… never prioritize people, they don’t deserve everything from you!!”
Let’s get started…
A few lines about Forbes India:
Forbes India is the Indian edition of Forbes, which is managed by the Reliance Industries-owned media conglomerate Network 18.
Let’s re-create the scenario!!
I was searching for some stats on the internet and found this Forbes news magazine; it helped me to go through the podcasts. After some f**king time it started asking me for a subscription 😒😒😒😒
I got totally irritated and tried to purchase it. But I found that the website looks so simple from the backend, so I thought of testing this site 😅😅
This is how my hunt for vulnerabilities on this website started 😈😈
Let’s move into the hack!!!!
So I opened the site and immediately created an account for myself. Now the website showed me different types of magazines, videos, podcasts and subscription plans, and blah blah ☹️☹️ was coming up. Also, I thought of testing all vulnerabilities and exploits and doing a small recon 👨‍💻👨‍💻 on the website.
After going through the website, I was just surfing the requests and responses to check all the data which would help me to do something on this site. 💭🤔💭🤔💭🤔💭
Now I added some random subscription to my cart and again started looking at all the packets of requests & responses.
After some time I started filling in the basic details that were asked for on the website for the further procedure.
Now I started looking at the requests and responses for any chance… 😒😒😒😒😒😒 no chance till now, and I thought of using some other methods.
Now I saw that there is a field named “Apply coupon”, which pulled all my attention & affection like a hot chick… 🥵🥵😅😅 and now I gave some random text as a coupon and applied it.
After applying the coupon, I started intercepting the requests and found that this request is directly related to the coupon field. So now all my attention went to the field named “GST”, aka our Finance Minister of India 🤣🤣🤣🤣
I could see that gst = 0, and out of curiosity I thought of changing it to a negative value (gst = -5399) 😁😁😁
As you can see, there is a negative value in the gst parameter, and I forwarded the request in the interceptor. Now below you can see the changes.
For now I changed the value to the least value and tapped on proceed to payment…
Now I paid the money and got the subscription for the least price.
Big thanks to our Finance Minister 🤣🤣🤣🤣🤣🤣🤣🤣.
Somehow GST helped me here to get my things done smoothly 🤣🤣🥳🥳
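The fix for this class of bug is to treat the `gst` value in the checkout request as untrusted and recompute every amount on the server. The sketch below is an added example, not code from the site or from the original post; the catalogue, coupon table, tax rate and all field names other than `gst` are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Constructed catalogue, coupon table and tax rate (assumptions, not the site's data).
CATALOGUE = {"print-1yr": Decimal("5399.00")}
COUPONS = {"WELCOME10": Decimal("0.10")}      # coupon code -> discount fraction
GST_RATE = Decimal("0.18")
PRICING_FIELDS = ("price", "discount", "gst", "total")


def _money(amount):
    """Round to two decimal places, half up."""
    return amount.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def price_order(request):
    """Return (quote, tampered_fields) for a parsed checkout request.

    Only plan_id and coupon are read as selectors. Amounts are recomputed
    from server-side data; client-sent amounts are compared, never used.
    """
    plan_id = request.get("plan_id")
    if plan_id not in CATALOGUE:
        raise ValueError("unknown plan")
    base = CATALOGUE[plan_id]
    # An unknown coupon (such as random text) gives no discount.
    discount = _money(base * COUPONS.get(request.get("coupon"), Decimal("0")))
    taxable = base - discount
    gst = _money(taxable * GST_RATE)
    quote = {"price": base, "discount": discount, "gst": gst, "total": taxable + gst}

    tampered = []
    for field in PRICING_FIELDS:
        if field not in request:
            continue
        try:
            sent = Decimal(str(request[field]))
        except InvalidOperation:
            tampered.append(field)          # not a number at all
            continue
        if not sent.is_finite() or sent != quote[field]:
            tampered.append(field)          # e.g. a negative gst
    return quote, tampered


if __name__ == "__main__":
    # Constructed request mirroring the write-up: random coupon text, gst = -5399.
    quote, flagged = price_order({"plan_id": "print-1yr", "coupon": "abcd", "gst": "-5399"})
    print(quote["total"], flagged)
```

The payment step charges `quote["total"]` only; a non-empty `tampered` list is a signal worth logging and alerting on.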
This write-up is shared for knowledge-transfer purposes only; please don’t try to use the bug.
Also special thanks to Mayur Parmar, Hemant Patidar, Tarun Tandon, and Pavan Kumar Chinta
Hope you enjoyed this write-up and gained something good 😁😁. Visit my profile, and for doubts and guidance ping me on LinkedIn.
Also, you guys can follow me on Medium.
Thanks and Byee… Happy hacking and Let’s hack together👨💻😈