OTP Manipulation Leads to Account Takeover

VISHNU VARDHAN
Sep 3, 2024

Hello everyone, here I'm going to share the vulnerability "OTP manipulation leads to account takeover", which was found on a famous OTT platform 3 years ago :). If I can know the user's phone number, I can log into their account. Here I was able to redirect the OTP from the victim's number to the attacker's.

Let's start :D

Here I used my real number: 951********* and the victim's number is: 913*******

  1. I requested an OTP for 913***** (the victim's mobile number)

Then I intercepted the request in Burp Suite, changed the number to 951*****, and forwarded the request.

>> Initial Request:

>> Modified Request:

  • Then we get a message like "OTP was sent to victim phone number: 913******"
  • But the OTP was received at my actual number, which is 951*****
  • After that I entered the above OTP and clicked "verify code"
  • Then finally I was able to verify the OTP and log into the victim's account :)

Conclusion:

Due to a lack of validation, the OTP that was supposed to be sent to the victim's number is instead sent to the attacker, and the attacker is then able to log in to the victim's account :) The server still ties the login to the victim's account, but it trusts the phone number in the client's request as the delivery destination without checking it against the account being verified.
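As an added illustration (my own model, not the platform's code or anything from the write-up), a small Python sketch of the flaw beside its fix: the vulnerable sender delivers the OTP to the number in the request, while the fixed one rejects any mismatch and derives the destination from the server-side challenge. The SMS gateway, the OTP store and the phone numbers are constructed stand-ins.

```python
import hmac
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins (hypothetical): a recorded SMS gateway and an in-memory OTP store.
SENT_SMS: List[Tuple[str, str]] = []   # (destination number, code) as the gateway would see them
CHALLENGES: Dict[str, dict] = {}       # challenge id -> {"phone": account number, "code": ..., "exp": ...}

def _issue(account_phone: str) -> Tuple[str, str]:
    """Create a 6-digit OTP bound server-side to the account being logged into."""
    cid = secrets.token_hex(8)
    code = f"{secrets.randbelow(10**6):06d}"
    CHALLENGES[cid] = {"phone": account_phone, "code": code, "exp": time.time() + 300}
    return cid, code

def send_otp_vulnerable(account_phone: str, request_phone: str) -> str:
    """Lack of validation: the account comes from the login step (account_phone),
    but the SMS destination is taken from the tampered request (request_phone)."""
    cid, code = _issue(account_phone)
    SENT_SMS.append((request_phone, code))     # client-controlled destination
    return cid

def send_otp_fixed(account_phone: str, request_phone: str) -> str:
    """Hardened: reject any mismatch and deliver only to the number the challenge is bound to."""
    if request_phone != account_phone:
        raise ValueError("phone number in request does not match the account being verified")
    cid, _ = _issue(account_phone)
    SENT_SMS.append((CHALLENGES[cid]["phone"], CHALLENGES[cid]["code"]))  # destination from server state
    return cid

def verify_otp(cid: str, code: str) -> Optional[str]:
    """Single-use, time-limited, constant-time check; returns the logged-in account or None."""
    ch = CHALLENGES.pop(cid, None)
    if ch is None or time.time() > ch["exp"]:
        return None
    return ch["phone"] if hmac.compare_digest(ch["code"], code) else None

def replay(send) -> Optional[str]:
    """Drive the flow from the write-up with constructed numbers; returns who got logged in."""
    victim, attacker = "913000000000", "951000000000"   # constructed placeholders
    try:
        cid = send(victim, attacker)                     # request tampered to the other number
    except ValueError:
        return None                                      # fixed flow refuses the tampered request
    codes_to_attacker = [c for dest, c in SENT_SMS if dest == attacker]
    if not codes_to_attacker:
        return None
    return verify_otp(cid, codes_to_attacker[-1])
```

`replay(send_otp_vulnerable)` logs the tampered session into the victim's account; `replay(send_otp_fixed)` returns `None` and no SMS ever leaves for the attacker's number.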

Thanks for reading ❤
