Email verification bypass through no rate limit or changing response

Prathamesh Pawar
2 min read · Oct 15, 2020

My name is Prathamesh Pawar and I am a beginner in bug bounty hunting. This is my first blog post, so please forgive any mistakes.

This article is about a vulnerability I found in a responsible disclosure program (RDP), so I am not allowed to disclose the company name; let’s call it Prawar.com.

So, while testing Prawar.com, I followed the same process every researcher follows: creating an account on the application. After that I used the following methods to bypass the email verification.

No rate limit

1. I filled in the registration form with all the details.

(Screenshot: Registration form)

2. After submitting the form I got an email verification box.

(Screenshot: Email verification)

3. As the code is only 4 digits, I thought: let’s check for a missing rate limit.

4. I entered a random 4-digit code, captured the request in Burp Suite and sent it to Intruder.

5. I started brute-forcing the OTP; every response came back 200 OK.

6. So I checked whether the response length changed. When the correct OTP was reached, the length changed from 365 to 322.

7. I had successfully bypassed email verification.

Response Manipulation

1. During the no-rate-limit test I saw that the response body was JSON.

(Screenshot: Original response)

2. So I thought: let’s try manipulating the response. I removed the user message from the response and changed “fail” to “ok”.

(Screenshot: Response manipulation)

3. I forwarded that request and again bypassed email verification.
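Both bypasses above come down to the same server-side controls being absent. As an added example (not code from the original post or from the program that was tested), here is a minimal in-memory verification service in Python showing what a defender would want in place: a per-code attempt budget with a lockout so a 4-digit code cannot be enumerated, a single uniform failure body so the response does not reveal whether the account is locked or the code expired, a constant-time comparison, and a verified flag that exists only on the server, so rewriting “fail” to “ok” in the response changes what the client displays but not whether the account is verified. The policy constants, the `EmailVerificationService` class, the `FakeClock` helper and the sample address are all assumptions of this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Policy values are assumptions for this example, not values from any real program.
MAX_ATTEMPTS = 5            # wrong guesses allowed per issued code
LOCKOUT_SECONDS = 15 * 60   # account lock after the attempt budget is exhausted
CODE_TTL_SECONDS = 10 * 60  # lifetime of one code


@dataclass
class PendingCode:
    code: str
    issued_at: float
    failed_attempts: int = 0


class EmailVerificationService:
    """In-memory stand-in for the server side of an email-verification flow (assumed design)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending: dict[str, PendingCode] = {}
        self._locked_until: dict[str, float] = {}
        self._verified: set[str] = set()

    def issue_code(self, email: str) -> Optional[str]:
        """Generate a fresh 4-digit code; returned only so the caller can send it by e-mail."""
        if self._clock() < self._locked_until.get(email, 0.0):
            return None  # locked accounts get no new code until the lock expires
        code = f"{secrets.randbelow(10_000):04d}"
        self._pending[email] = PendingCode(code=code, issued_at=self._clock())
        return code

    def verify(self, email: str, submitted: str) -> dict:
        """Every failure returns the same body: locked, expired and wrong are indistinguishable."""
        now = self._clock()
        fail = {"status": "fail"}
        if now < self._locked_until.get(email, 0.0):
            return fail
        pending = self._pending.get(email)
        if pending is None:
            return fail
        if now - pending.issued_at > CODE_TTL_SECONDS:
            del self._pending[email]
            return fail
        if hmac.compare_digest(pending.code, submitted):
            del self._pending[email]
            self._verified.add(email)  # the only place the verified flag is ever set
            return {"status": "ok"}
        pending.failed_attempts += 1
        if pending.failed_attempts >= MAX_ATTEMPTS:
            del self._pending[email]  # code is burnt; a new one is needed after the lock
            self._locked_until[email] = now + LOCKOUT_SECONDS
        return fail

    def is_verified(self, email: str) -> bool:
        return email in self._verified

    def protected_action(self, email: str) -> bool:
        """Anything gated on verification consults the server-side flag, never the client."""
        return self.is_verified(email)


class FakeClock:
    """Adjustable clock so the lockout and expiry can be exercised without waiting."""

    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def wrong_guess(code: str) -> str:
    """A 4-digit value guaranteed to differ from `code` (demonstration helper)."""
    return "0000" if code != "0000" else "0001"


def demo() -> dict:
    clock = FakeClock()
    svc = EmailVerificationService(clock=clock)
    email = "user@example.com"  # constructed sample account
    code = svc.issue_code(email)

    # Exhaust the attempt budget: after MAX_ATTEMPTS the code is burnt and the account locked.
    wrong = [svc.verify(email, wrong_guess(code))["status"] for _ in range(MAX_ATTEMPTS)]
    locked = svc.verify(email, code)["status"]  # even the right code is refused while locked

    # Response manipulation: a proxy rewriting the body to {"status": "ok"} changes only what
    # the client sees; the server-side verified flag is untouched.
    client_sees = {"status": "ok"}
    tampered = svc.protected_action(email)

    # After the lock expires a new code must be issued and entered correctly.
    clock.advance(LOCKOUT_SECONDS + 1)
    ok = svc.verify(email, svc.issue_code(email))["status"]
    return {
        "wrong_guesses": wrong,
        "right_code_while_locked": locked,
        "client_sees": client_sees["status"],
        "protected_action_after_tamper": tampered,
        "after_new_code": ok,
        "protected_action_after_verify": svc.protected_action(email),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two properties together: the guesses stop mattering once the budget is spent, and the forged “ok” the client is shown leaves `protected_action` returning `False` until a real code is entered.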

Thank you for reading.

Happy and safe hacking!
