Hi everyone, I found this bug on a public program on h1 some time back.

The website has a registration process in which you have to fill in your phone number to be able to register.

After providing your phone number, email, username and details, you have to verify the phone number by giving the 6-digit OTP code for successful verification.

After providing the 6-digit OTP and verifying the captcha, I hit register and intercepted this request.

So I just intercepted this POST Register request in Burp and then started playing with this request's parameters.

So…

Prasoon Gupta

Appsec Engineer | Bug Bounty Hunter
