July 10, 2026
Easy Bug__Easy Bounty
Hello everyone! Long time no see. ๐

By Yahia Ibrahim khamis
2 min read
I'm Yahia, a junior penetration tester, and today I'd like to share a simple but interesting bug that many testers overlook during penetration tests and bug bounty hunting.
The bug is Local Device Time Manipulation(your laptop or computer time).
The vulnerability was found in a real-world community platform (let's call it example.com) and was confirmed and fixed by the security team.
The platform allows users to:
- Create posts
- Publish polls
- Comment and react to posts
- Vote in community polls(Vote posts)
When creating a poll, the author chooses an expiration time. Once the poll expires:
- No one should be able to vote.
- Users who haven't voted cannot view the final results until the deadline has actually passed.
Finding the Bug
While testing the poll feature, I asked myself:
"What happens if I change my device time?"
First, I moved my laptop clock forward to a time after the poll expiration.
the application immediately displayed the final poll results, even though the poll was still active in real time.
That made me wonder if the voting restriction also depended on the client time.
So I waited until a real poll had actually expired.
Then I changed my system time back to a moment before the poll deadline for example if the final time is 10/07 , I change my laptop time to 9/07 .
After refreshing the page, the application allowed me to vote normally โ even though the poll had already ended.
To verify the impact, I restored my system clock to the correct time and checked the poll again.
The vote had been permanently recorded.
Example:
- Before attack:
- Option A: 50%
- Option B: 50%
- After submitting a late vote:
- Option A: 60%
- Option B: 40%
This confirmed that I could modify the final poll results after the official deadline.
Impact
A malicious user could:
- Submit votes after poll expiration.
- Manipulate final vote percentages.
- Influence giveaways or rewards tied to polls.
- Manipulate community-driven decisions.
- Reduce trust in poll-based features.
If polls affect rankings, promotions, or financial rewards, the impact becomes even more severe.
Where Else Should You Test This?
This bug pattern appears in more places than most researchers expect.
Some good targets include:
- Free trials that expire after a fixed period.
- Coupons and discount codes.
- Tasks or events with deadlines.
- Time-limited application features.
I also found a similar issue in a well-known LLM platform. The internal security team acknowledged it but decided not to fix it, so the report was closed as P5. ๐๐๐๐
Testing Tip
If changing your local time appears to bypass a restriction, don't stop there.
Always wait until the real expiration time has actually passed, repeat the test, and verify that the server permanently accepts the action. This produces a much stronger proof of concept and confirms it's not just a client-side display issue.
I hope you found this write-up useful.
My linkedin : https://www.linkedin.com/in/yahia-ramadan-
ู ุชูุณุงุด ุชุตูู ุนูู ุงููุจู