Oculus identity verification bypass through brute-force

karthik sunny007
Sep 9 · 2 min read

Title

Brute-force attack on "verify your identity" to bypass identity verification

Oculus is a very secure web application which doesn't have any vulnerability, but I found one: it lacks a rate limit on identity verification.

Identity verification in Oculus is tied to the username parameter: whenever a user wants to change the username of the account, the user has to complete this identity verification. How does this identity verification work in Oculus? Whenever the user wants to change the username, an OTP is sent to the user's registered email address. The OTP is a 6-digit number.

Steps to reproduce :

1) Log in to Oculus
2) Go to the profile and change the username
3) Oculus sends the 6-digit verification code to the user through Gmail
4) For testing, I entered a wrong code
5) The actual code is 483967; I entered 486960
6) And captured that request in Burp Suite, now with 486960 added
7) And gave payloads from 482000 => 483970, a total of 1,971 payloads, and started the attack
8) At 483967 the length of the code is different: all invalid payloads code => 1152, valid => 840
9) Now, by seeing the length, I confirmed it is the correct payload. That is the same payload I got in the mail for identity verification
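
One way to close the gap shown in the steps above is to cap wrong guesses per code and burn the code once the cap is reached, so a sweep over a range of values is cut off after a handful of tries. This is an added example, not code from the original post or from Oculus; the `OtpChallenges` class, the `guesses_accepted` helper, the 5-attempt cap and the 10-minute lifetime are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per code
CODE_TTL_SECONDS = 600  # assumed policy: code lifetime


class OtpChallenges:
    """In-memory store of one pending 6-digit code per account (illustrative)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        # CSPRNG code; re-issuing replaces the old code instead of adding one.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # a real service would mail this to the registered address

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_challenge"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        if entry[2] >= MAX_ATTEMPTS:
            # Burn the code: even the right value now fails until re-issue.
            del self._pending[account]
            return "locked"
        return "invalid"


def guesses_accepted(store, account, candidates):
    """Count how many guesses are evaluated against a live code."""
    evaluated = 0
    for guess in candidates:
        if store.verify(account, guess) == "no_challenge":
            break
        evaluated += 1
    return evaluated
```

The responses for "invalid", "locked" and "no_challenge" should also be identical in size and status on the wire where possible, since the response-length difference in step 8 is what made the correct value stand out.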

PoC: https://drive.google.com/file/d/1MPZSY_yB_dayKvXCur2zxDV_Y5tc01f3/view?usp=sharing

Reported on: 28/May/2019

Triaged on: 12/Jun/2019

Rewarded on: 9/July/2019

NOTE: I have been awarded by Facebook three times. I’ll post the remaining two reports ASAP.
