Hello guys! My name is Tuhin Bose (@tuhin1729). I am currently working as Chief Technology Officer at Virtual Cyber Labs. In this write-up, I am going to share one of my findings which helped me earn $$$.
So without wasting time, let’s start:
Basically, the target was an email marketing website; let’s call it redacted.com. I quickly tried to create an account there. While creating an account, I noticed that they verify both the email and the phone number of the user using an OTP. So I decided to try an OTP bypass. I submitted the OTP and captured the request using Burp. In both cases (email and phone number), the request looks like this:
The OTP is associated with the requestId. When we forward the request, the server will verify whether the value of “response” is the same for the corresponding “requestId”, and if it matches, it’ll redirect to phone number verification. So if we copy the request body and drop the request, then try using the body while generating an
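The verification described above checks only that “response” matches the code stored for “requestId”. The added example below (not code from the original write-up or from the target site; all names, fields and values are assumed) shows a server-side verifier that also binds each requestId to the user, the channel (email or phone) and the destination it was issued for, makes it single-use, expires it, and caps attempts. With that binding, a (requestId, response) pair captured during the email step is rejected when it is replayed against the phone step.

```python
"""Added example: server-side OTP verification that binds a requestId to one
verification step.  Names and field values are assumptions, not a real API."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per requestId


@dataclass
class OtpRecord:
    user_id: str
    channel: str        # "email" or "phone"
    destination: str    # the address or number the code was actually sent to
    code: str
    issued_at: float
    attempts: int = 0


class OtpVerifier:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._pending: Dict[str, OtpRecord] = {}

    def issue(self, user_id: str, channel: str, destination: str) -> Tuple[str, str]:
        """Create a requestId bound to (user, channel, destination).
        The code is returned here only so the demo can use it; in a real
        service it goes out-of-band to `destination` and never to the client."""
        request_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[request_id] = OtpRecord(user_id, channel, destination, code, self._clock())
        return request_id, code

    def verify(self, user_id: str, channel: str, destination: str,
               request_id: str, response: str) -> Tuple[bool, str]:
        rec = self._pending.get(request_id)
        if rec is None:
            return False, "unknown or already consumed requestId"
        if self._clock() - rec.issued_at > OTP_TTL_SECONDS:
            del self._pending[request_id]
            return False, "expired"
        if rec.attempts >= MAX_ATTEMPTS:
            del self._pending[request_id]
            return False, "too many attempts"
        rec.attempts += 1
        # Binding check: the requestId must have been issued for exactly this
        # user, this channel and this destination, not merely exist.
        if (rec.user_id, rec.channel, rec.destination) != (user_id, channel, destination):
            return False, "requestId not issued for this verification step"
        # Constant-time comparison of the submitted "response" with the stored code.
        if not hmac.compare_digest(rec.code, response):
            return False, "wrong code"
        del self._pending[request_id]   # single use: consumed on success
        return True, "ok"


def replay_demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: a valid email-step body is replayed at the phone step."""
    v = OtpVerifier()
    rid, code = v.issue("user-1", "email", "alice@example.com")
    email_ok, _ = v.verify("user-1", "email", "alice@example.com", rid, code)
    # Same requestId/response replayed for phone verification: already consumed.
    replayed, _ = v.verify("user-1", "phone", "+15550100100", rid, code)
    # A fresh, still-valid email pair submitted at the phone step: wrong binding.
    rid2, code2 = v.issue("user-1", "email", "alice@example.com")
    cross_step, _ = v.verify("user-1", "phone", "+15550100100", rid2, code2)
    return email_ok, replayed, cross_step


if __name__ == "__main__":
    print(replay_demo())   # expected: (True, False, False)
```

The design point is that the requestId is not a free-floating token that any step may redeem; it carries the context it was created for, and the verifier compares that context against the step being completed before it even looks at the code.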