Oculus identity verification bypass through brute-force

Image for post
Image for post


brute froce attack near verify your identity and bypass identity verification

Oculus is avery secure web application which doesnt have any vulnerability but i found some that which has lack of rate limit near identity verification

The identity has been used in oculus near username parameter what that means whenever the user wants to change the username of the user account then user needs to be done this identity verification. How this identity verification works in oculus. Whenever the user wants to change the username the OTP will be sended to the registered mail of the user. Now the OTP is in 6digit number

Steps to reproduce :

1)login to oculus
2)goto profile and change username
3)Oculus sends the 6-digit verification code to user through gmail
4)and for testing i have entered wrong code
5)actually the code is 483967 i have entered 486960
6)And captured that request in burpsuit now added 486960
7)And given payloads from 482000=>483970 total 1,971 payloads and started attack
8)At 483967 the length of the code is different all invalid payloads code=>1152,valid=>840
9)Now by seeing length i have confirmed it is the correct payload.that is same payload i got in mail for identity verification

Poc ::https://drive.google.com/file/d/1MPZSY_yB_dayKvXCur2zxDV_Y5tc01f3/view?usp=sharing

Reported on :28/may/2019

Triged on : 12/jun/2019

Rewarded on :9/july/2019

Image for post
Image for post

NOTE : i have awarded from facebook three times. I’ll post that remaining two reports ASAP

Written by

Bug bounty hunter | web application security | memory forensics | SIEM | Network security | Facebook whitehat security researcher | top in Cisco PSIRT

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store