Upload Backdoor in profile picture and OTP Bypass

8 months ago 51

S33NU

Hey Curious Hunters…💀

Today I am going to tell you how I uploaded a backdoor through the profile picture upload functionality, and how I did a simple OTP bypass with the help of the Burp Suite Intruder tab, in a private program.

I started doing recon on the website of the company I worked for. I got a few subdomains from which I did not get much specific information, so I decided to create a unique dork of my own that I could use to find bugs.

Here is what my dork looks like:

site:*domain.com intitle:Sign Up

OTP Bypass:-

I just got a login page with OTP authentication. When I entered my number to log in, I got a 4-digit OTP, and the thought came to my mind: why can’t we bypass it? So I opened Burp Suite, forwarded the request to Intruder and added a 4-digit word list from SecLists.

When the request went out, I got a request whose content was different in length. When I opened it, I got “your mobile OTP has been verified”.

Boom :) We bypassed the OTP well.

Backdoor Uploading:-

When I logged in to that website, I saw the profile photo functionality in it, and when I started selecting a file, All Files was already selected by default, which meant that we could upload any file as the profile photo, so I uploaded a PHP backdoor shell as the profile photo.

As you can see in the above image, the profile is not rendered because it is not an image but a PHP file.

When I opened this image in a new tab, I got exactly what I wanted. We uploaded our backdoor to this web server with the help of the profile photo functionality and we can now access it from anywhere.
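The server-side check that was missing from the profile photo upload, as an added example that is not part of the original post or the affected program's code. The function names, the size limit and the sample byte strings are assumptions constructed for illustration.

```python
import secrets

# Leading bytes ("magic numbers") of the only formats a profile photo may have.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for an avatar


class RejectedUpload(ValueError):
    """Raised when an upload is not an allowed image."""


def sniff_image_type(data: bytes) -> str:
    """Return the extension implied by the file content, or raise."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    raise RejectedUpload("content is not PNG, JPEG or GIF")


def stored_name_for(client_name: str, data: bytes) -> str:
    """Validate an upload and return the name to store it under.

    client_name is deliberately unused for the decision: the file picker
    filter, the filename and the Content-Type header are all controlled
    by whoever sends the request.
    """
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized upload")
    ext = sniff_image_type(data)
    # Random name with a server-chosen extension, so a file that starts with
    # image bytes but carries script text is never saved as *.php.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_name: str, data: bytes) -> bool:
    """True if the upload passes validation, False if it is rejected."""
    try:
        stored_name_for(client_name, data)
        return True
    except RejectedUpload:
        return False
```

Serving the stored files from a directory where script execution is disabled, or from outside the web root, closes the remaining gap if a check like this is ever bypassed.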

Thanks for reading📖

Follow for more about bug bounty and cyber security🔒
