How i got a free delivery by signing up with “@company.com” #Bug Bounty write up

Hello everyone, today i’m back with another write-up, in this write-up i will explain, how i got a free delivery access to all my orders by signing-up with “@company.com”.

Let’s start,

When the target website doesn’t have 2F-Authentication enabled, this type of vulnerability usually works or it also works when the 2F-authentication enabled for mobile number.

Before registering to the account, i tried “admin@company.com”, “administrator@company.com” and some other, but got an error “this email id is already taken” so i registered with other email address “admin_@company.com” after many errors.

Steps to reproduce

1) Signup with “admin_@company.com”
2) Check the profile tab you may see the extra privileges for your account.
3) Place the order.

To cross check created another normal user account “test@gmail.com” and placed a order with same location but i didn’t get any free delivery for the item.

Impact

1) By registering the account with “@company.com” you easily get a free delivery access to your orders.
2) Extra privileges.

Tips

1) Try to break things logically
2) Don’t give up.