After a short break, I’m back with a brand-new article! This time, the focus will be on a bus company in Turkey that operates dozens of trips daily.
While conducting pentests on this company, I noticed some unusual behavior during the reconnaissance phase. Specifically, the company’s “Forgot Password” functionality stood out due to its unusual implementation.
The “Forgot Password” feature relies on the user’s registered phone number. When you enter a number already in the system, the platform displays partial information about the user’s first and last name (the initials are shown, and the rest is masked with asterisks). If you are the account holder, you can proceed to receive an OTP code for further verification.
However, when I tested this process through Burp Suite, I observed that the name shown masked in the interface (e.g., “E*** K***”) could still be retrieved unmasked from the response in some cases.
This meant that by submitting any registered phone number, it was possible to conduct enumeration attacks to uncover the full first and last names of individuals.
After some additional tests, I was able to extract the first and last names of random individuals, even people I had no prior connection with. Since the company has a large and active user base, this vulnerability essentially turned the system into…
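The flaw described above, as an added illustration that is not the bus company's code: a Python sketch of the leaky lookup beside a hardened one that masks on the server and releases a name hint only after the OTP is verified, so the response before OTP is identical for registered and unregistered numbers. The user store, phone numbers, names and OTP values are constructed sample data.

```python
import json
import secrets
from typing import Optional

# Constructed sample user store keyed by phone number (hypothetical values).
USERS = {
    "+905550000001": {"first_name": "Ece", "last_name": "Kaya"},
}
# OTPs waiting for verification, keyed by phone number (single use).
PENDING_OTPS: dict = {}


def mask_name(name: str) -> str:
    """Keep the initial, replace the rest with asterisks ("Kaya" -> "K***")."""
    return name[:1] + "*" * (len(name) - 1) if name else ""


def request_reset_leaky(phone: str) -> Optional[dict]:
    """Vulnerable pattern: the full name travels to the client and only the
    UI masks it, so an intercepting proxy reads it unmasked. A different
    response for unknown numbers also confirms which numbers are registered."""
    user = USERS.get(phone)
    if user is None:
        return None
    return {"first_name": user["first_name"], "last_name": user["last_name"], "mask": True}


def request_reset_hardened(phone: str) -> dict:
    """Hardened pattern: no name data and the same response shape for every
    input. An OTP is generated only for registered numbers (SMS delivery omitted)."""
    if phone in USERS:
        PENDING_OTPS[phone] = f"{secrets.randbelow(10**6):06d}"
    return {"status": "if_registered_otp_sent"}


def verify_otp_hardened(phone: str, otp: str) -> Optional[dict]:
    """Release a server-side masked hint only after a valid, single-use OTP."""
    expected = PENDING_OTPS.pop(phone, None)
    if expected is None or not secrets.compare_digest(expected, otp):
        return None
    user = USERS[phone]
    return {"hint": f"{mask_name(user['first_name'])} {mask_name(user['last_name'])}"}


def leaks_full_name(response: Optional[dict], user: dict) -> bool:
    """Detection check: does the raw response body contain the unmasked name?"""
    body = json.dumps(response)
    return user["first_name"] in body or user["last_name"] in body
```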