Be my friend! Verification no need :-)
Hello everyone hope all are safe and doing good. I am Vasanth from Madurai, Tamilnadu, and a part-time bug bounty hunter I have been acknowledged by Google, Apple, Microsoft, GitHub, Pornhub, and 10+.
This is my third writeup in this I will share how I was able to send a friend request to Pornhub users without mail addresses is verified.
Let’s Go
After found the first bug on Pornhub I was looking for another bug at that time I saw we can able to add other users as a friend well but on Pornhub, I don’t have any friends🥺🥺.
I created another account and now navigated to the second account profile and selected “Add Friend” but the game begins I have not verified the mail address so here to add a friend I need to verify the mail address😏😏 uff..!
Then it is time to what?? let’s play with Inspect Element🔥🔥 I have analyzed all the 👨💻👨💻 source code and finally i found this part.
The Code was
During my testing with my verified account, I have finded.
data-show-confirm-email-model=”1" → This “1” indicates the account is not verified and
data-show-confirm-email-model=”0" → This “0” indicates the account is verified.
Now lets send friend request without mail address is verified but how? just the change the value from “1” → “0”
Now when I clicked “Add Friend” I was able to send a friend request without my email is verified😉.
Well, to verify I went to my second account and checked the Friend request list to my surprise the request came😍😍 and if we accept we can become friends😊😊.
In this way I was able to send a friend request to any users on Pornhub without the mail address is verified.
TIMELINE
Reported on →16/04/2022
Traiged on → 17/04/2022
Resolved on → 27/06/2022
I hope you will like this writeup soon and will see it in the next writeup.
“Don’t wait for the dream Chase it”
Thanks for taking the time to read my write-up.
Connect me on LinkedIn: https://www.linkedin.com/in/vasanth-gn-3163a155/
Do Follow Techiepedia for more Interesting write-ups!
