Recently, I discovered an Authentication Bypass that can lead to a complete Account Takeover. This write-up will explain how I figured & exploited that issue. So Let’s get started.
While testing on Android App, I created an account with <redacted>@gmail.com & after account creation, I logged into my account & a pricing page popped up in which all the features are described. So to get full feature access. I have to pay for it. (Account was too Expensive)
I follow the same steps for account creation on their web portal. But, after filling in all the details, I…
Bug Hunter | Programmer