* Go to registration section and fulfill all the requirement
* Click to get code and intercept the request through burp proxy
* Right click to request and send to intruder
* Brute force 6 digit through burp intruder because no rate limit and other captcha verification or not implemented in get SMS option
* Analyze content length in burp intruder
* After 1000 or more try attacker are able to bypass otp verification or registration any mobile number without otp verification.