Hey everyone!
I’ve discovered another vulnerability on a bug bounty platform, and I’m excited to share the details with you. Let’s dive right in and explore the process!
What is OTP? A One-Time Password (OTP) is a dynamic password valid only for one session; it expires if not used within the time limit (which typically ranges from 60 seconds to 5 minutes).
We are going to use the Response Manipulation method to bypass OTP.
What is Response Manipulation?
Response manipulation is a critical aspect of web application security testing. Through tools like Burp Suite or other proxy tools, testers can inspect, modify, and analyze the data exchanged between the client (browser) and the server. It includes intentional alterations to parameters, headers, and content to find security weaknesses that automated scanners often overlook, in particular places where the server trusts what the client does next instead of checking its own state.
Step 1: Choose the target, i.e. https://abcd.com
I tested for vulnerabilities that could be exploited before login, and within my target scope, there is an option for creating user roles.
Enter random (but required) details, then click Submit. An OTP is sent to the entered mobile number.
Step 2: Enter a random OTP
Step 3: Capture the OTP request
Forward the request and capture the OTP response in Burp Suite.
Step 4: Modify the response status
After submitting the random OTP, I got a 700 response code (internal database error).
Now I played a small trick here: I changed the response status code to 200 (OTP verified).
Step 5: Result
The user role was successfully created.
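Why does changing a status code in the proxy create a role on the server? Because in this shape of bug the only thing standing between "wrong OTP" and "role created" was the browser's decision to send the next request after seeing a 200; the server never re-checked its own OTP state. The following is an added example (not code from the original post or from the target in question) that models both server variants in plain Python: the verification status is kept in a server-side session store, the vulnerable role endpoint ignores it, and the hardened endpoint refuses unless the server itself recorded a successful check. The session store, the 300-second TTL (the upper end of the window mentioned above), the 5-attempt limit and the HTTP-style status codes are all assumptions made for the demonstration.

```python
import hmac
import secrets

OTP_TTL_SECONDS = 300   # upper end of the 60 s to 5 min window mentioned in the post
MAX_ATTEMPTS = 5        # assumed lockout threshold, not from the post


class OtpServer:
    """In-memory stand-in for the server side of an OTP-gated action (constructed for this example)."""

    def __init__(self):
        # session_id -> per-session state; this lives on the server only,
        # so nothing the client sends (or sees in a response) can flip "verified" directly
        self.sessions = {}

    def start_session(self, now):
        """Issue an OTP for a new session. Returns (session_id, otp); the OTP would go out via SMS."""
        sid = secrets.token_hex(8)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.sessions[sid] = {"otp": otp, "issued": now, "attempts": 0, "verified": False}
        return sid, otp

    def verify_otp(self, sid, submitted, now):
        """Check a submitted OTP and return an HTTP-style status code."""
        s = self.sessions.get(sid)
        if s is None:
            return 400                      # unknown session
        if now - s["issued"] > OTP_TTL_SECONDS:
            return 410                      # expired, a new OTP must be requested
        if s["attempts"] >= MAX_ATTEMPTS:
            return 429                      # too many guesses
        s["attempts"] += 1
        if s["otp"] is None or not hmac.compare_digest(s["otp"], submitted):
            return 401                      # wrong (or already used) OTP
        s["verified"] = True                # the only place this flag is ever set
        s["otp"] = None                     # single use: the same code cannot be replayed
        return 200

    def create_role_vulnerable(self, sid):
        """Vulnerable shape: the server never re-checks OTP state.
        The only gate was the browser choosing to send this request after seeing a 200,
        so a client that proceeds anyway (e.g. after editing the response) gets through."""
        if sid not in self.sessions:
            return 400
        return 201

    def create_role_hardened(self, sid):
        """Hardened shape: the decision is made from server-side state the client cannot edit."""
        s = self.sessions.get(sid)
        if s is None or not s["verified"]:
            return 403
        s["verified"] = False               # consume the verification so it cannot be reused
        return 201


def wrong_code(otp):
    """A 6-digit code guaranteed to differ from the real OTP (for the demonstration)."""
    return "000000" if otp != "000000" else "000001"


def simulate_response_manipulation():
    """Replay the post's scenario against both server variants.

    The client submits a wrong OTP, is told it failed, and proceeds to role creation
    anyway (which is what a manipulated 200 in the proxy makes the browser do).
    Returns (verify_status, vulnerable_status, hardened_status)."""
    srv = OtpServer()
    sid, otp = srv.start_session(now=1_000.0)
    verify_status = srv.verify_otp(sid, wrong_code(otp), now=1_001.0)
    return (verify_status,
            srv.create_role_vulnerable(sid),
            srv.create_role_hardened(sid))


def simulate_legitimate_flow():
    """The honest path: correct OTP, then role creation; a replay of the same OTP is rejected.
    Returns (verify_status, created_status, replay_status)."""
    srv = OtpServer()
    sid, otp = srv.start_session(now=1_000.0)
    verify_status = srv.verify_otp(sid, otp, now=1_010.0)
    created = srv.create_role_hardened(sid)
    replay = srv.verify_otp(sid, otp, now=1_020.0)
    return verify_status, created, replay


if __name__ == "__main__":
    print("manipulated flow (verify, vulnerable, hardened):", simulate_response_manipulation())
    print("legitimate flow (verify, created, replay):", simulate_legitimate_flow())
```

The point to take from the hardened endpoint is that the verification result is recorded and consumed on the server, keyed by the session, so the response body or status the browser happens to see has no bearing on whether the privileged action is allowed. Expiry, attempt limiting and single use are the other checks an OTP endpoint needs, and all of them are similarly enforced from server-side state.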
I submitted this report to the client, but it turned out to be a duplicate 🫤🫤. I was a bit late, but that’s okay… at least I got some stuff to share with you.
Follow me for more updates guys! Like, comment, share 😊
Bye… Bye
Twitter: @itsravikiran25 / follow me on Twitter for new updates.