Simple Parameter Tampering → Account Takeover

Introduction:

Hi everyone! 🎉

Darshan here. This is my first writeup 😃, on how I was able to log in to any user's account without any user interaction.

Well, I think that's enough introduction, let's get started!

What is Parameter Tampering?

The Web Parameter Tampering attack is based on manipulating the parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. The root cause is the same every time: the server trusts a value supplied by the client that it should have looked up, or checked, on its own side.

I was hunting on a target which is an online lecture and exam site. I cannot disclose the name of the company 😪, so let's call it target.com.

Scenario:

An attacker can receive the victim's OTP on the attacker's own phone by tampering with the phone number parameter of the login request, and then use that OTP to log in as the victim.

Reproduction steps:

The attacker wants to get access to the victim's account.

  1. The attacker visits Target.com/login.html.
  2. The attacker enters the victim's phone number (91xxxxxx27) in the sign-up box.
  3. The attacker captures the request in Burp Suite.
  4. The attacker adds one more parameter to the request body carrying the attacker's own phone number, e.g. "phone":"96xxxxxx65", so the body now contains the victim's number and the attacker's number under the same "phone" key.
  5. The attacker now receives the OTP on the attacker's number, 96xxxxxx65.
  6. The attacker enters that OTP on Target.com/login.html and gets access to the victim's account.

The server delivered the OTP to the attacker-controlled copy of the phone parameter while still binding the login to the victim's account. The destination of an OTP should come from the account record on the server, never from the request that asked for it.
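The following is an added example, not code from the writeup or from the target site, that replays the six steps above against a hypothetical phone-plus-OTP login backend written in Python. The writeup does not say why the server honoured the second "phone" value, so the vulnerable handler models one plausible cause: two server-side components that resolve a repeated JSON key differently (Python's json module keeps the last value; the "first wins" form-style parser here is a stand-in). The hardened handler does not depend on which cause applied: it rejects a body that repeats a key, sends the OTP only to the number stored on the account, and binds the OTP to the account for one-time use. All account data, phone numbers and the SMS gateway are constructed for the example.

```python
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Constructed sample data (hypothetical): one registered account, the "victim".
ACCOUNTS = {"91xxxxxx27": {"user_id": 1001, "phone": "91xxxxxx27"}}


@dataclass
class SmsGateway:
    """Stand-in for an SMS provider: records (destination, code) instead of sending."""
    sent: list = field(default_factory=list)

    def send_otp(self, phone: str, code: str) -> None:
        self.sent.append((phone, code))


def parse_first_wins(raw: str) -> dict:
    """Hypothetical form-style parser that keeps the FIRST value of a repeated key."""
    result = {}
    for key, value in json.loads(raw, object_pairs_hook=lambda pairs: pairs):
        result.setdefault(key, value)
    return result


def parse_strict(raw: str) -> dict:
    """Hardened parser: refuse a body that repeats a key, whatever the parser order."""
    def reject_duplicates(pairs):
        result = {}
        for key, value in pairs:
            if key in result:
                raise ValueError(f"duplicate key: {key}")
            result[key] = value
        return result
    return json.loads(raw, object_pairs_hook=reject_duplicates)


def new_otp() -> str:
    return f"{secrets.randbelow(10**6):06d}"


def request_otp_vulnerable(raw_body: str, gateway: SmsGateway, otp_store: dict):
    """Account lookup and SMS delivery read the body through different parsers,
    so a duplicated "phone" key binds the OTP to the victim's account but
    delivers it to whatever number the attacker appended."""
    account = ACCOUNTS.get(parse_first_wins(raw_body).get("phone"))
    if account is None:
        return None
    code = new_otp()
    otp_store[account["user_id"]] = code
    destination = json.loads(raw_body)["phone"]   # json.loads keeps the LAST "phone"
    gateway.send_otp(destination, code)
    return account["user_id"]


def request_otp_fixed(raw_body: str, gateway: SmsGateway, otp_store: dict):
    """Reject duplicate keys and send the OTP only to the number on file."""
    account = ACCOUNTS.get(parse_strict(raw_body).get("phone"))
    if account is None:
        return None   # production code: answer identically to avoid user enumeration
    code = new_otp()
    otp_store[account["user_id"]] = code
    gateway.send_otp(account["phone"], code)   # destination from the record, not the request
    return account["user_id"]


def verify_otp(raw_body: str, otp_store: dict):
    """Second login step: consume the OTP bound to the account, constant-time compare."""
    body = parse_strict(raw_body)
    account = ACCOUNTS.get(body.get("phone"))
    if account is None:
        return None
    expected = otp_store.get(account["user_id"], "")
    if expected and hmac.compare_digest(expected, str(body.get("otp", ""))):
        del otp_store[account["user_id"]]   # one-time use
        return account["user_id"]
    return None


def replay_writeup():
    """Replays the tampered request from the writeup against both handlers.
    Returns (number that received the victim's OTP, user_id the attacker logged in as,
    whether the fixed handler rejected the tampered body)."""
    tampered = '{"phone":"91xxxxxx27","phone":"96xxxxxx65"}'   # victim, then attacker

    gateway, store = SmsGateway(), {}
    request_otp_vulnerable(tampered, gateway, store)
    leaked_to, code = gateway.sent[-1]
    logged_in_as = verify_otp(json.dumps({"phone": "91xxxxxx27", "otp": code}), store)

    try:
        request_otp_fixed(tampered, SmsGateway(), {})
        rejected = False
    except ValueError:
        rejected = True
    return leaked_to, logged_in_as, rejected   # ('96xxxxxx65', 1001, True)
```

Running replay_writeup() shows the OTP for account 1001 arriving at 96xxxxxx65 and then being accepted for a login as that account, while the hardened handler refuses the tampered body outright; with a clean body the hardened handler still sends the OTP only to 91xxxxxx27, the number stored on the record.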

===

Timeline:

20 April → Bug Reported

21 April → Report Triaged

22 April → Marked as Duplicate 😭

I hope you enjoyed reading my writeup! Follow me on Twitter, LinkedIn and Instagram. See you in the next bug bounty writeup!

Darshan Jogi
Ethical Hacker | Bug Bounty Hunter | College Student
