💰How I Made $2000 from an Easy Bug🐞
Hey Bug Bounty Hunters! 🚀
Here’s one more write-up from me. This time, we’re talking about an OTP Bypass that could have led to massive account takeovers on a well-known ride-sharing app. Let’s dive in! 🕵️♂️💻
🔍 The Bug: OTP Bypass in Phone Number Update
I discovered a critical vulnerability in ***** that allowed an attacker to take over any phone number linked to an account. The issue? A broken OTP validation process. 😱
🔥 How the Bug Was Found:
1️⃣ Open the ***** app and go to Account Settings.
2️⃣ Choose to update your phone number.
3️⃣ Enter a new phone number.
4️⃣ The app prompts for a 4-digit OTP verification.
5️⃣ Instead of the real OTP, simply enter “0000”.
6️⃣ BOOM! 🎉 The phone number gets updated — without any verification! 🤯
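From the defensive side, here is an added example of how a server-side OTP check for this phone-number update flow should behave. It is hypothetical code written for this write-up, not the app's own code, and makes no claim about how the real backend was implemented: the pending-OTP store, TTL and attempt limit are assumptions. A fixed guess like "0000" only passes when it really is the issued code, codes expire, and guesses are capped.

```python
# Added example (not from the original post or the affected app): a hypothetical
# server-side OTP verification for a phone-number update, showing the checks
# whose absence lets a fixed value such as "0000" succeed.
import hmac
import secrets
import time
from typing import Optional

OTP_TTL_SECONDS = 300   # assumed: code is valid for 5 minutes
MAX_ATTEMPTS = 5        # assumed: guesses allowed per issued code

# In-memory store keyed by (user_id, new_phone); a real service would use a DB/cache.
_pending: dict = {}


def start_phone_update(user_id: str, new_phone: str, now: Optional[float] = None) -> str:
    """Issue a random 4-digit OTP bound to this user and this new number."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10_000):04d}"
    _pending[(user_id, new_phone)] = {"otp": otp, "issued": now, "attempts": 0}
    return otp  # would be sent to new_phone via SMS; returned here so a test can use it


def verify_phone_update(user_id: str, new_phone: str, submitted: str,
                        now: Optional[float] = None) -> bool:
    """Return True only if `submitted` matches the pending, unexpired OTP."""
    now = time.time() if now is None else now
    key = (user_id, new_phone)
    entry = _pending.get(key)
    if entry is None:
        return False                           # nothing pending: never accept by default
    if now - entry["issued"] > OTP_TTL_SECONDS:
        del _pending[key]
        return False                           # expired code
    if entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[key]
        return False                           # brute-force guard: invalidate the code
    entry["attempts"] += 1
    if not (len(submitted) == 4 and submitted.isdigit()):
        return False                           # strict format: no empty/odd-typed bypass
    if not hmac.compare_digest(entry["otp"], submitted):
        return False                           # constant-time comparison
    del _pending[key]                          # one-time use
    return True
```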