Response Manipulation leads to Account Takeover

This is a short story about my recent bug hunting on a private program. The program relies mainly on an OTP (one-time password) to verify user authentication. This post walks through how I bypassed its OTP check using response manipulation. So, let's begin.
