Account Verification bypass

Kanchan Singh Yadav
Feb 3, 2019

Hello folks,
Hope you're all good. It’s been a while since my last writeup; this one is really short.

Let’s get started,
I was working on a website that had an account verification step.
The registration steps were the same as every website has nowadays:
you provide your phone number, they send you an OTP, you enter it, and registration is done.

Sounds simple.
So I thought, why not try to break the logic.
I was confused about what to try first. A few days back I read a bounty tip on Twitter (sorry, I don’t remember the name -_-),
and it was like “get two instances from a specific platform, one paid and one free, next try to get all the endpoints of paid using the free account”.
I tweaked it a bit.
I created an account normally and then got redirected to the home page.
I thought, why not just pass the “home” URL directly and try to bypass the verification process?

I was getting the feeling that this was gonna fail but…

Surprise!!

I succeeded.

Moral of the story: Try to break the logic; sometimes it’s really easy to break the logic of an application with a really simple step.
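
The flaw described above, seen from the server side, as an added example that is not the tested site's code. It assumes the site enforced verification only through the redirect after sign-up; the route names, the `Session` fields and both dispatch functions are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed minimal app model; all names here are hypothetical.
@dataclass
class Session:
    user: Optional[str] = None   # set once the account is created
    otp_verified: bool = False   # set only after the OTP is confirmed

# Routes an unverified account may reach; everything else is default-deny.
PRE_VERIFICATION_ROUTES = {"/register", "/verify-otp"}

def home(session):
    return 200, f"Welcome {session.user}"

def verify_otp_page(session):
    return 200, "Enter the OTP sent to your phone"

ROUTES = {"/home": home, "/verify-otp": verify_otp_page}

def dispatch_vulnerable(path, session):
    """Verification lives only in the sign-up redirect chain, so a
    direct request for /home never passes through the OTP step."""
    if session.user is None:
        return 302, "/register"
    handler = ROUTES.get(path)
    return handler(session) if handler else (404, "Not found")

def dispatch_hardened(path, session):
    """Verification state is checked server-side on every request,
    before any handler runs."""
    if session.user is None:
        return 302, "/register"
    if not session.otp_verified and path not in PRE_VERIFICATION_ROUTES:
        return 302, "/verify-otp"
    handler = ROUTES.get(path)
    return handler(session) if handler else (404, "Not found")

if __name__ == "__main__":
    unverified = Session(user="alice")
    print("vulnerable:", dispatch_vulnerable("/home", unverified))
    print("hardened:  ", dispatch_hardened("/home", unverified))
```

The allowlist of pre-verification routes means a newly added page is protected unless someone deliberately exempts it.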

That’s all for today…

Feel free to point out any errors or suggestions.

Stay foolish, stay hungry; that’s how you learn new stuff.
