Hello everyone, I’m Javeed Shaik, a bug bounty hunter and ethical hacker.
While hunting on a public bug bounty program, I discovered an HTML injection vulnerability. However, it was categorized as P5 since authentication is required to access the profile. To enter the profile, one needs to input the code received via email.
I have now decided to bypass the authentication process in order to upgrade my P5 HTML injection to a P4 😂.
Vulnerability Details:
Forced Browsing Vulnerability: Forced browsing allows an attacker to navigate directly to restricted or protected pages without providing the required verification code. By exploiting this vulnerability, an attacker can bypass the profile code verification step and gain unauthorized access to protected functionalities.
Navigate to this URL: https://example.com/account/profile
It will prompt for a code. To bypass this, use this endpoint and engage in forced browsing: [/sign-up/profile]
We have to do this 16 times, then press Alt + Left Arrow.
Authentication is successfully bypassed: we have accessed the profile page without entering the code.
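
From the defender's side, the fix for forced browsing is a server-side check that runs on every request and reads verification state only from the session. The sketch below is an added example, not code from the affected program. The write-up does not state the root cause, so the policy table, the `Session` class, the `/account/verify` and `/login` paths and the sample code value are all assumptions made for illustration.

```python
import hmac

# Hypothetical policy table: every path declares its requirement; unknown paths are refused.
ROUTE_POLICY = {
    "/login": "public",
    "/account/verify": "session",    # assumed path where the emailed code is submitted
    "/account/profile": "verified",  # protected page from the write-up
    "/sign-up/profile": "verified",  # the alternate path carries the same rule
}
NO_STORE = {"Cache-Control": "no-store"}  # ask browsers not to store protected responses


class Session:
    def __init__(self, expected_code):
        self.expected_code = expected_code  # constructed sample value
        self.verified = False


def submit_code(session, code):
    """The only place allowed to set session.verified."""
    ok = hmac.compare_digest(code.encode(), session.expected_code.encode())
    if ok:
        session.verified = True
    return ok


def authorize(session, path):
    """Run before any handler, on every request. Returns (status, headers)."""
    requirement = ROUTE_POLICY.get(path)
    if requirement is None:
        return 404, NO_STORE  # deny by default: no handler without a policy entry
    if requirement == "public":
        return 200, {}
    if session is None:
        return 401, NO_STORE
    if requirement == "verified" and not session.verified:
        return 403, NO_STORE  # decided from server-side state, not navigation order
    return 200, NO_STORE


def replay_reported_navigation(session, repeats=16):
    """Regression check: request the alternate path repeatedly, then the profile."""
    statuses = [authorize(session, "/sign-up/profile")[0] for _ in range(repeats)]
    statuses.append(authorize(session, "/account/profile")[0])
    return statuses


if __name__ == "__main__":
    s = Session(expected_code="493817")      # constructed code
    print(replay_reported_navigation(s))     # every entry is 403
    submit_code(s, "493817")
    print(authorize(s, "/account/profile"))  # 200 once the code was verified
```

Because the decision depends only on `session.verified`, repeating a request or stepping back through browser history cannot change the outcome.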