Email Update Restricted Bypass

4 months ago 41

mahfujwhh

Hello hunters,
I'm Mahfujur Rahman (@mahfujwhh), a full-time bug hunter. I want to become a good bug hunter, and I wish everyone well.

Today I will share my recent finding, an email update restriction bypass. I found it on the Intigriti platform.

Let's start.

In this case I started hunting on the main domain: I simply created an account and looked for bugs. When I opened my profile I saw that there was no option to change the email address, which means email changes are restricted. The page looked like this:

[Screenshot: profile page, the email field is restricted here]

When I updated anything in the profile, the request looked like this:

[Screenshot: the profile update request]

The request body looked like:

{"firstName":"hery","lastName":"potal","gender":"m","city":"dhakaa"}&data={"mobile":"94573134644","birthDate":"1999-07-06","addressLine1":"Dhaka,12","addressLine2":"Dhaka","addressLine3":"Dhaka"}

So I wondered what would happen if I added an extra parameter to the request body. Would that bypass the restriction or not? Let's try.

So I added an extra parameter right after lastName: "email":"annoymouse@gmail.com"

[Screenshot: the request with the extra email parameter added]

In the response I got 200 OK with a success message:

[Screenshot: successful response]

Then I checked my profile and saw that it had been changed successfully, so I was able to bypass the email restriction.
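As an added example that is not part of the original post (the target's server code was never published), here is a small JavaScript model of the profile-update endpoint. It shows the mass-assignment pattern that lets an extra "email" field through, beside a hardened version that only copies allow-listed fields and rejects anything else. The body format (a JSON object, then the literal &data=, then a second JSON object) follows the captured request above; the stored user record, the function names and the allow-lists are assumptions made for this example.

```javascript
// Added example, not the original post's code. The endpoint is modelled,
// not reproduced: only the request body shape came from the writeup.

// Fields the UI actually offers (assumed allow-lists for this example).
const ALLOWED_FIELDS = ["firstName", "lastName", "gender", "city"];
const ALLOWED_DATA_FIELDS = ["mobile", "birthDate", "addressLine1", "addressLine2", "addressLine3"];

// The captured body is  {...}&data={...}  : a JSON object, the literal
// "&data=", then a second JSON object. Parse both halves.
function parseProfileBody(raw) {
  const sep = raw.indexOf("&data=");
  if (sep === -1) throw new Error("missing &data= section");
  const profile = JSON.parse(raw.slice(0, sep));
  const data = JSON.parse(raw.slice(sep + "&data=".length));
  return { profile, data };
}

// Vulnerable: every key the client sends is merged onto the stored user,
// so a field the UI never exposes (email) is still writable.
function updateProfileVulnerable(user, raw) {
  const { profile, data } = parseProfileBody(raw);
  return { ...user, ...profile, ...data };
}

// Hardened: copy only allow-listed keys, and refuse the whole request if
// the client tried to set anything else (such as the restricted email).
function updateProfileHardened(user, raw) {
  const { profile, data } = parseProfileBody(raw);
  const unexpected = [
    ...Object.keys(profile).filter((k) => !ALLOWED_FIELDS.includes(k)),
    ...Object.keys(data).filter((k) => !ALLOWED_DATA_FIELDS.includes(k)),
  ];
  if (unexpected.length > 0) {
    return { ok: false, error: `unexpected field(s): ${unexpected.join(", ")}`, user };
  }
  const updated = { ...user };
  for (const k of ALLOWED_FIELDS) if (k in profile) updated[k] = profile[k];
  for (const k of ALLOWED_DATA_FIELDS) if (k in data) updated[k] = data[k];
  return { ok: true, user: updated };
}

// Constructed sample data: an assumed stored account, and the captured
// request body with the extra email field inserted after lastName.
const STORED_USER = { id: 42, email: "victim@example.com", firstName: "hery", lastName: "potal" };
const TAMPERED_BODY =
  '{"firstName":"hery","lastName":"potal","email":"annoymouse@gmail.com","gender":"m","city":"dhakaa"}' +
  '&data={"mobile":"94573134644","birthDate":"1999-07-06","addressLine1":"Dhaka,12","addressLine2":"Dhaka","addressLine3":"Dhaka"}';

// Run the same tampered request through both handlers.
function demo() {
  const leaked = updateProfileVulnerable(STORED_USER, TAMPERED_BODY);
  const blocked = updateProfileHardened(STORED_USER, TAMPERED_BODY);
  return {
    vulnerableEmail: leaked.email,      // "annoymouse@gmail.com": restriction bypassed
    hardenedOk: blocked.ok,             // false: request rejected
    hardenedEmail: blocked.user.email,  // "victim@example.com": unchanged
  };
}

console.log(demo());
```

The hardened handler rejects rather than silently drops the unexpected field, which also gives you a log line to alert on: a client sending fields the UI never offers is exactly the probing described in this post.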

I immediately reported it to Intigriti, and they accepted the bug as medium severity.

I'm so glad I found this. Happy hunting!

You can follow me on Twitter and LinkedIn:

https://twitter.com/mahfujwhh
https://www.linkedin.com/in/mahfujwhh/

Buy me a coffee:

https://buymeacoffee.com/mahfujwhh6

Thanks
