Improper phone number validation to account takeover

  1. Visit the signup page: https://redacted.com/signup
  2. Enter any Russian phone number; you can get one from receive-sms-online.
  3. Intercept the request and change it to your number, and you will receive a call with the OTP.
  4. Input this OTP, turn intercept on, click on verify, and again change the country code and number.
  5. You're logged in as the Russian number user, and the same works with Login.
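
A server-side sketch of the check these steps get past, as an added example that is not from the original post or the affected site. It assumes the flaw is that the verify endpoint checks the OTP but takes the account identity from the phone number in the verify request; the function names, the in-memory store and the phone numbers used with it are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store: session id -> (number the OTP was sent to, OTP hash).
_pending = {}


def _digest(otp: str) -> str:
    return hashlib.sha256(otp.encode()).hexdigest()


def send_otp(session_id: str, phone: str) -> str:
    """Issue an OTP and record which number it was delivered to."""
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending[session_id] = (phone, _digest(otp))
    return otp  # a real service passes this to the SMS/voice provider instead


def verify_vulnerable(session_id: str, phone: str, otp: str):
    """Assumed flaw: checks the code only, then trusts the number in the request."""
    entry = _pending.get(session_id)
    if entry and hmac.compare_digest(entry[1], _digest(otp)):
        return phone  # identity comes from client-controlled input
    return None


def verify_hardened(session_id: str, phone: str, otp: str):
    """Authenticate only the number the OTP was actually sent to."""
    entry = _pending.pop(session_id, None)  # single use, consumed even on failure
    if entry is None:
        return None
    sent_to, otp_hash = entry
    if not hmac.compare_digest(otp_hash, _digest(otp)):
        return None
    if sent_to != phone:
        return None  # number changed between send and verify: reject
    return sent_to  # identity comes from server-side state, not the request
```

A production version would also normalise numbers to one format before comparing, expire pending entries, and rate-limit attempts per number and per session.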

shesha sai_c
