How I was able to bypass your consent to spam you.

Kanchan Singh Yadav
Oct 12, 2018

After my college exams, I was sitting in front of my laptop watching funny videos on YouTube. My friend messaged me on WhatsApp:

“Hey, do you want to test a website?”

“Yes”, I replied.

He then sent me a list of websites that had responsible disclosure programs. I picked one and started testing it. After an hour I hadn’t found anything, so I lost hope, thinking that this website doesn’t have any vulnerability.

Then I wanted to test something that I had read a few days back on Medium. It was about a guy who got a bug bounty for making a web app work for him to spam others. I tried implementing his idea but failed.

Then I thought, let’s give it another try, and after struggling for 15 minutes I was able to pull it off.

So the steps are:

* I registered using my original mail for the newsletter.
* I confirmed my registration by clicking on a link sent to my mail.

Now the actual thing starts.

* The website has an option to change the mail address we registered with for the newsletter.
* I clicked on it and entered a temp-mail.

To my surprise, no confirmation mail was sent to that mail address and that email was registered for the newsletter.
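For anyone fixing this class of bug, here is an added example (not code from this post or from the website involved) that puts the change-address behaviour described above beside a version that repeats the opt-in for the new address. The `Newsletter` class, its method names, the token format and the in-memory `outbox` are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo
TOKEN_TTL = 3600                  # seconds a confirmation link stays valid

class Newsletter:
    """Hypothetical in-memory service; a real one would use a database and a mailer."""
    def __init__(self):
        self.subscribed = set()   # addresses whose owners confirmed the subscription
        self.outbox = []          # (recipient, token) pairs standing in for sent mail

    def change_email_vulnerable(self, old, new):
        # Behaviour described in the post: the new address is trusted as typed.
        if old in self.subscribed:
            self.subscribed.discard(old)
            self.subscribed.add(new)      # owner of `new` never consented

    def _sign(self, old, new, expires):
        msg = f"{old}|{new}|{expires}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def change_email_hardened(self, old, new, now=None):
        # Queue the change and mail a signed token to the NEW address only.
        now = time.time() if now is None else now
        if old not in self.subscribed:
            return
        expires = int(now) + TOKEN_TTL
        token = f"{old}|{new}|{expires}|{self._sign(old, new, expires)}"
        self.outbox.append((new, token))  # nothing is subscribed yet

    def confirm_change(self, token, now=None):
        # Apply the change only for a valid, unexpired, unused token.
        now = time.time() if now is None else now
        try:
            old, new, expires, sig = token.split("|")
            expires = int(expires)
        except ValueError:                # malformed token, or "|" inside an address
            return False
        if not hmac.compare_digest(sig, self._sign(old, new, expires)):
            return False
        if now > expires or old not in self.subscribed:
            return False                  # expired, or already applied once
        self.subscribed.discard(old)
        self.subscribed.add(new)
        return True
```
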

I wrote a mail to the company and got this in reply

That is all for today. Happy Hacking

Open for suggestions.
