Hi everyone , I have found this bug on a public program on h1 some times back.
The website is having a registration process in which you have to fill your phone number to be able to register.
After providing phone number, email, username & details , you have to verify the phone number by giving 6 digit OTP code for successful verification.
After providing 6 digit OTP ,and verifying the captcha service and then hit register and intercepted this request.
So i just intercepted this POST Register request in burp and then started playing with this request’s parameters.