I'll discuss how I was able to hack popular dating services in this blog post.
The site's authentication bypass vulnerability allowed me to take control of anyone's account within the programme with just their email.
First, let's talk about what an authentication bypass vulnerability is.
A vulnerability known as authentication bypass allows an attacker to access a victim's account even without knowing the password.
Now let's talk about the bug!!
I can't reveal the website URL because I discovered it through a private bug bounty programme. We will treat it as https://xyz.com.
When I try to log into the application with my genuine credentials, I always receive a response in JSON format, which contains the email address associated with that account.
Steps:
1. Try to log in to the account with a wrong password.
2. A login request with the original credentials returns a response that contains the email.
3. Capture the wrong-password request in Burp Suite and intercept the response to that request.
4. Capture the response to the request.
5. Replace the wrong-password response with the real response.
6. Successfully logged in to the account.
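The steps above succeed only when the application accepts the login response body as proof of authentication. The following is an added example, not the site's code and not from the original post: a server-side check under which a rewritten response grants nothing. It assumes a server-held session table, and the names `login`, `get_profile`, `SESSIONS` and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one account, password stored as a salted PBKDF2 hash.
_SALT = secrets.token_bytes(16)

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"victim@example.com": _hash("correct horse")}
SESSIONS = {}  # session token -> email, held only on the server

def login(email: str, password: str) -> dict:
    """Return the JSON body for a login attempt; create a session only on success."""
    candidate = _hash(password)
    stored = USERS.get(email, b"\x00" * 32)    # dummy value for unknown accounts
    if not hmac.compare_digest(stored, candidate):
        return {"status": "error"}             # no email echoed, no token issued
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email                    # this record is the only proof of login
    return {"status": "ok", "email": email, "token": token}

def get_profile(token):
    """Protected endpoint: identity comes from the server's session table,
    never from what the client says an earlier response contained."""
    email = SESSIONS.get(token or "")
    if email is None:
        return 401, {"error": "unauthenticated"}
    return 200, {"email": email}

def client_after_tampered_response():
    """Model of steps 3-6: the server rejects the login, the client is shown a
    rewritten 'success' body, and then calls a protected endpoint."""
    real = login("victim@example.com", "wrong password")
    tampered = {"status": "ok", "email": "victim@example.com", "token": "made-up"}
    return real, get_profile(tampered["token"])
```

A client that believes the rewritten body still gets a 401 from `get_profile`, because no session was ever created on the server for that login attempt.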
Hope you find something new and beneficial.
Happy Hacking!!