Response Manipulation leads to Account Takeover
This is a short story about my recent bug hunting on a private program. The program relies mainly on a one-time password (OTP) to verify users' identity. This write-up walks through how I bypassed its OTP check using response manipulation. So, let's begin.