.png)
4 months ago
25 BOOK THIS SPACE FOR AD
ARTICLE ADHi i am Pavan. i started learning pen testing and practising it on targets. While doing it i found an interesting vulnerability which is email verification bypass.
When i was working on a target i created my account to check the functionality on it. It has the verification process to login in to the application. So here i wanted to test the login flow.
Here i went through all of the request history in login flow and just looked for some interesting parameters. Here i got the thought of email verification bypass. Then i just try to find a path which is in the application and just gone through the javascript files and i found a route from javascript file which is “/dashboard”.
Then i just entered the path “/dashboard” in the browser. But it end up on redirecting to verify email flow. Then i triggered reset password option it sends me an email with token. then i reset my password and again trying to login.
This time it also ends up on the same verify email page. then Again i manually change the url to “/dashboard” again it went to same page.
This tie while logging in i have seen remember me option. so i checked the option this time and logged in. But it again took me to same page. But this time when i manually changed the path to “/dashboard” Yes it opens the dashboard page and from there i was able to explore the application like verified user.
Hope you learned some thing, Have a nice day… :)
Bengali (Bangladesh) · 
English (United States) ·