OTP Verification Bypass

ShuttlerTech
Feb 7, 2023

Description of Vulnerability:

First of all, let’s assume the website is example.com. When I created an account on example.com, I received an OTP at my email address to verify the email. I entered the correct OTP and checked the response to this request. The response is very simple: HTTP/1.1 200 Created and {}. So I thought, let’s bypass OTP verification.

Steps To Reproduce:

1. Create an account using abc123@gmail.com.

2. An OTP was sent to the abc123@gmail.com email address.

3. Paste the correct OTP and capture the request in Burp. Then right-click on the request and click Do Intercept > Response To This Request.

[Screenshot: original response when the correct OTP was submitted]

4. This is the response code.

5. Now create another account, hack123@gmail.com.

6. Again, an OTP was sent to the hack123@gmail.com email address.

7. But I don’t have any access to the hack123@gmail.com account. Let’s bypass OTP verification.

8. Enter any wrong OTP and capture the request in Burp. Then right-click on the request and click Do Intercept > Response To This Request.

[Screenshot: 400 Bad Request received when the wrong OTP was submitted]

9. Look at the response: there is an error message, HTTP/1.1 400 Bad Request and {"error": "user_not_verified"}.

10. Now replace that error message with HTTP/1.1 200 Created and {}.

11. Boom! Account verified successfully.
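A server-side check that makes the response swap in steps 9 to 11 ineffective, as an added example that is not from the original post. It assumes the bypass works because the verified state is taken from the response the client receives; the class, the function names, the attempt limit and the way the OTP is stored are all hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit, not from the original post


class OtpVerifier:
    """Keeps verification state on the server, keyed by account email."""

    def __init__(self):
        self._accounts = {}  # email -> {"otp_hash", "attempts", "verified"}

    @staticmethod
    def _digest(otp):
        return hashlib.sha256(otp.encode()).digest()

    def register(self, email):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._accounts[email] = {"otp_hash": self._digest(otp),
                                 "attempts": 0, "verified": False}
        return otp  # would be e-mailed to the user, never sent to the client

    def verify(self, email, submitted):
        acct = self._accounts.get(email)
        if (acct is None or acct["otp_hash"] is None
                or acct["attempts"] >= MAX_ATTEMPTS):
            return 400, {"error": "user_not_verified"}
        acct["attempts"] += 1
        # Constant-time comparison of the stored and submitted OTP digests.
        if hmac.compare_digest(acct["otp_hash"], self._digest(submitted)):
            acct["verified"] = True
            acct["otp_hash"] = None  # one-time use
            return 200, {}
        return 400, {"error": "user_not_verified"}

    def protected_action(self, email):
        # Authorise from server state, not from what the client was shown.
        acct = self._accounts.get(email)
        if acct is None or not acct["verified"]:
            return 403, {"error": "user_not_verified"}
        return 200, {"email": email}


def rewritten_in_transit(status, body):
    """Models steps 9-10: the client ends up seeing the success response."""
    return 200, {}
```

Every later request for the account goes through the same server-side flag, so a rewritten response changes only what the client displays.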

I hope you enjoyed this reading.

Thank You!

Do Subscribe to me for Live POCS: https://www.youtube.com/channel/UCS7EGEUlV6Sr7VUnzhBBZrg


Written by ShuttlerTech

Senior Cyber Security Analyst| YouTuber| Freelancer| Cyber Security Trainer | Penetration Tester| Cyber Forensics Investigator
