How I Founded A Huge Bug In A Widely-Used Quiz Site

A simple trick to view/reveal answers in buddy20.com site

Subscribe to my newsletter and never miss my upcoming articles

Actually, I was viewing some WhatsApp statuses and I came across a WhatsApp status by a friend of mine who shared an Buddy20.com link for a "friendship quiz thing". I visited the site and the site asked for my name. I entered my name, and the quiz started.

The first question looked like this :

Untitled.png

I pressed Ctrl+Shift+I (because I was using Google Chrome in Windows 10) to open inspect element.

In inspect element, I scrolled down and found this,

xyz.png

I expanded stuff and I found the answer for that question,

image.png

Lol, it's really easy. I did the same thing for every other question & it worked.

image.png

This article is intended for educational purposes only. Anyways, the buddy20.com site didn't had any official bug bounty program so I was unable to report this huge bug.

Here's the link for the quiz I tested this trick on 🔽 Click Here

That's it.

Follow me on GitHub Nisarga-Developer Follow me on Twitter @AdhikaryNisarga

Thanks for reading.