* Go to the registration section and fill in all the required fields.
* Click to get the code and intercept the request through Burp proxy.
* Right-click the request and send it to Intruder.
* Brute-force the 6-digit code with Burp Intruder; this works because no rate limit, CAPTCHA or other verification is implemented in the get SMS option.
* Analyze the content length of the responses in Burp Intruder.
* After 1000 or more tries, the attacker is able to bypass OTP verification and register any mobile number without OTP verification.
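
The steps above succeed because the server keeps accepting guesses against the same code. The following server-side mitigation is an added example, not code from the original post or the affected application: it caps wrong guesses per issued code, expires codes, and throttles resends. The class name `OtpStore` and the three policy constants are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 300  # assumed policy: lifetime of an issued code
RESEND_COOLDOWN = 60    # assumed policy: minimum gap between SMS sends


class OtpStore:
    """In-memory per-number OTP state; a real service would use a shared store."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # phone -> {"code", "issued", "failures"}

    def issue(self, phone):
        """Return a fresh 6-digit code, or None while the resend cooldown is active."""
        now = self._clock()
        entry = self._state.get(phone)
        if entry and now - entry["issued"] < RESEND_COOLDOWN:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._state[phone] = {"code": code, "issued": now, "failures": 0}
        return code

    def verify(self, phone, guess):
        """Return 'ok', 'invalid', 'expired' or 'locked'."""
        entry = self._state.get(phone)
        if entry is None:
            return "invalid"
        if self._clock() - entry["issued"] > CODE_TTL_SECONDS:
            del self._state[phone]
            return "expired"
        if entry["failures"] >= MAX_ATTEMPTS:
            return "locked"  # code is dead; even the correct value is refused
        # Constant-time comparison on bytes, so non-ASCII input cannot raise.
        if hmac.compare_digest(entry["code"].encode(), guess.encode()):
            del self._state[phone]  # single use
            return "ok"
        entry["failures"] += 1
        return "invalid"
```

With these assumed values a client gets at most 5 guesses per 60 seconds against a space of 1,000,000 codes, and every resend replaces the code, so guesses do not accumulate against one value.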

Leonti Kalinin

CyberSecurity // Info Sec
