How I bypassed OTP in unexpected way

Hii hackers, I hope you are doing well in your life. In this blog I’m gonna show you how I bypassed the OTP in unexpected way.

About the site:

The site was about the donation. And this site is popular in India for donation. For the privacy reason I can’t expose the site name. Hence let’s called it example.com

The story of how I found in easy way:

Actually when we visit the site. So, they asked us about the login. From there I started testing the site. First there was registration form in which I have to fill up my mobile number and my blood group etc…

After it my hacker mind wake up 😎 and I started to test how can I bypass the OTP. Because if I would bypass the OTP. So, I can create account as well as I can also take over another user account.

So, the OTP was main in that site to authenticate users.

After filling up that form, it was asking for the OTP number. So, when I enter my right OTP and capture the request. It was looked something like this.

where we can see there is access token. So, I can’t copy this response in the place of wrong OTP response. Because, everytime we make request it was giving me new access token in the response. Also, I can’t again use my number for OTP. Bcz, it was creating account in the first time.

So, for the second time I had to use the my friend mobile number(which he was not aware of🥲).

Then again I capture the wrong OTP request. And started playing with it. Request was looked something like this.

This is the request where I only had chance to bypass the OTP. So, I had to play around with this request for quite a while. I tried delete the OTP which not make any sense but still I tried it.

I tried removing the quotation mark but it didn’t work. After that in OTP I wrote ‘true’ in the place of ‘1111'. But still nahhhh…..

Then trying different and new things with parameter I came accross one trick to bypass the OTP which was simple but it was too hard to find it.

So, to bypass the OTP I just put the true In the OTP parameter. And guesss it worked after all. You can see in the image.

So, I’ll suggest you to never trying stop on one parameter only. Try different things which no one can imagine. Which I did here. I only had to write true without double quotation.

I hope you learned some new tricks to bypass the OTP. If you liked my blog. So pls show some love by touching clap button many times you like.

Thanks for reading blog guys❤️. I’ll meet you next time. Take care. Happy hacking🙌🙌.