How I was able to bypass your consent to spam you.
After my college exams, I was sitting in front of my laptop on YouTube watching funny videos. My friend messaged me on WhatsApp:
“Hey, do you want to test a website?”
“Yes”, I replied.
He then sent me a list of websites that had responsible disclosure. I picked one and started testing it. After an hour I didn’t find anything, so I lost hope, thinking that this website doesn’t have any vulnerability.
Then I wanted to test something that I had read a few days back on Medium. It was a guy who got a bug bounty for making a web app work for him to spam others. I tried implementing his idea but failed.
Then I thought, let’s give it another try, and after struggling for 15 minutes I was able to pull it off.
So the steps are:
* I registered using my original mail for the newsletter.
* I confirmed my registration by clicking on a link sent to my mail.
Now the actual thing starts.
* The website has an option to change the mail address we registered with for newsletter.
* I clicked on it and entered a temp-mail.
To my surprise, no confirmation mail was sent to that mail address and that email was registered for the newsletter.
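The flaw in the steps above, next to a fix, as an added example that is not part of the original post or the affected site's code: the change-address path carries confirmed status over to an unverified address, while the hardened path sends the new address through the same opt-in as a fresh signup. The `Newsletter` class, its method names and the `example.test` addresses are constructed for illustration.

```python
import secrets

class Newsletter:
    """In-memory stand-in for a subscription store (hypothetical names)."""

    def __init__(self):
        self.confirmed = set()   # addresses that receive the newsletter
        self.pending = {}        # token -> (new_address, old_address or None)
        self.outbox = []         # (recipient, token) confirmation mails "sent"

    def _send_confirmation(self, new, old=None):
        token = secrets.token_urlsafe(32)   # unguessable link token
        self.pending[token] = (new, old)
        self.outbox.append((new, token))
        return token

    def subscribe(self, email):
        # Double opt-in: the address is inactive until its owner clicks the link.
        return self._send_confirmation(email)

    def confirm(self, token):
        entry = self.pending.pop(token, None)   # pop makes the token single use
        if entry is None:
            return False
        new, old = entry
        self.confirmed.discard(old)
        self.confirmed.add(new)
        return True

    def change_email_vulnerable(self, old, new):
        # Flaw from the post: confirmed status moves to an address nobody verified.
        if old not in self.confirmed:
            return False
        self.confirmed.remove(old)
        self.confirmed.add(new)
        return True

    def change_email_hardened(self, old, new):
        # New address must confirm; the old one stays active until it does.
        if old not in self.confirmed:
            return None
        return self._send_confirmation(new, old)

if __name__ == "__main__":
    n = Newsletter()
    n.confirm(n.subscribe("me@example.test"))   # constructed addresses
    n.change_email_hardened("me@example.test", "victim@example.test")
    print(n.confirmed, n.outbox[-1][0])
```
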
I wrote a mail to the company and got this in reply
That is all for today. Happy Hacking
Open for suggestions.