The web application was a server hosting management system with 24x7 support, datacentre facilities, etc. After an account is created, a server of the user’s choice is hosted, which means a resource is being utilized. Unnecessary creation of accounts could therefore lead to excessive exploitation of available resources.
To prevent this, a phone verification mechanism was implemented: the user has to enter the 4-digit code that is read out on a call received on the mobile number entered. Only upon entering the correct code does the user get access to the functionalities offered.
The phone verification mechanism looked like this:
[Figure: Phone Verification mechanism]
While testing, I had to create multiple accounts, and going through this process seemed hectic, so I tried to bypass it. I started forming test cases for the inputs (phone number, verification code). Out of the many test cases formed, this was the one that had strong logic behind it:
Test Case: As you can see, the “Verification code” input is already displayed before the phone number has been entered. The normal flow should have been to ask for the phone number first and then the verification code. But here, things seem different 🤷‍♀️
So what if I enter any value in the “Verification Code” input box before entering the phone number and click on “Verify Code”? 🤔
What if the developer had set a variable at the backend that held some initial value before the user clicks on “Call me Now”? 😮
Going with the test case, I tried 1234, 1111, 8421, etc., but none of them worked. However, for 0000 the account got verified successfully, meaning that the phone verification was bypassed.
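The behaviour observed above is consistent with a code variable that holds a default value before any call is placed. The following is an added example, not code from the tested application: a constructed Python model of that hypothesized flaw next to a hardened version. All class, method and field names are assumptions, and the attempt limit and single-use handling go beyond what the write-up describes.

```python
import hmac
import secrets


class VulnerableSession:
    """Hypothetical backend state: the code field starts with a placeholder."""

    def __init__(self):
        self.code = "0000"  # initial value exists before "Call me Now" is clicked

    def call_me_now(self, phone):
        self.code = f"{secrets.randbelow(10_000):04d}"

    def verify(self, submitted):
        # Never checks that a call was requested, so the default value matches.
        return submitted == self.code


class HardenedSession:
    """Same flow, but a code only exists after a call has been placed."""

    MAX_ATTEMPTS = 5  # assumed limit, chosen for illustration

    def __init__(self):
        self.code = None
        self.phone = None
        self.attempts = 0

    def call_me_now(self, phone):
        self.phone = phone
        self.code = f"{secrets.randbelow(10_000):04d}"
        self.attempts = 0

    def verify(self, submitted):
        if self.code is None:  # verification before any call is rejected
            return False
        self.attempts += 1
        if self.attempts > self.MAX_ATTEMPTS:
            self.code = None  # too many guesses: a new call is required
            return False
        ok = hmac.compare_digest(submitted.encode(), self.code.encode())
        if ok:
            self.code = None  # a code can be used only once
        return ok
```

The fix is the explicit "no code issued yet" state: verification must fail closed until the server itself has generated a code for a specific phone number.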