Kuhuk
Jan 6, 2023

Logic Bug Can Create Multiple User Accounts with 1 Phone Number (Reward $150)

Hello Bug Hunters,

Today I will show you my next finding.

Let's go.

I found this bug on the registration page. To register, you must add a phone number; if you don't add a phone number, you can't go to the next step.

OK, let's add a phone number first; the system will then send you a verification code. Enter the verification code in the app.

After that, in the next step, we must enter a name and email. The vulnerability exists in this step.

You can see the request and response below.

POST Method

https://<www.target-site.com>/wp-admin/admin-ajax.php?action=kl_create_user_ajax

Request : name=akun3&email=akun3%40mailinator.com

Response : {"success":true,"code":200,"asking_login":false,"message":"Register telah berhasil","redirect":"https:\/\/<www.target-site.com>\/"}

If you brute-force this request, you can create multiple accounts using only one phone number, because the request does not apply validation.

This site also has a login-with-phone-number feature. If you log in with the one phone number used earlier, the application returns an error.
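The missing validation on the account-creation step can be closed on the server side in two places, shown here as an added example that is not the target site's code: the verified phone number is consumed when the account is created, and the database enforces one account per number. The schema, the session dictionary, the function names and the sample values are assumptions made for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE on phone is the backstop: even if handler logic is bypassed or
    # raced, the database refuses a second account for the same number.
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,"
               " email TEXT UNIQUE, phone TEXT UNIQUE NOT NULL)")
    return db

def verify_phone(session, phone):
    """Step 1 (assumed): called only after the SMS code was checked."""
    session["verified_phone"] = phone

def create_user(db, session, name, email):
    """Step 2, hardened: the account is bound to the verified phone, once."""
    # pop() consumes the verification, so replaying this request with a new
    # name/email in the same session has no verified phone to attach to.
    phone = session.pop("verified_phone", None)
    if phone is None:
        return {"success": False, "code": 403, "message": "phone not verified"}
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO users (name, email, phone) VALUES (?, ?, ?)",
                       (name, email, phone))
    except sqlite3.IntegrityError:
        return {"success": False, "code": 409,
                "message": "phone or email already registered"}
    return {"success": True, "code": 200}

def demo():
    db, session = make_db(), {}
    verify_phone(session, "+620000000001")  # constructed sample number
    first = create_user(db, session, "akun3", "akun3@example.test")
    # Same session, second create request: verification already consumed.
    replay = create_user(db, session, "akun4", "akun4@example.test")
    # New session that verifies the same number again: UNIQUE rejects it.
    session2 = {}
    verify_phone(session2, "+620000000001")
    second = create_user(db, session2, "akun5", "akun5@example.test")
    count = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return first["code"], replay["code"], second["code"], count

if __name__ == "__main__":
    print(demo())
```
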

I immediately reported it to the company and waited about a week, and the result is valid :)

Thank you for visiting my blog.

TIMELINE :

Report : 14/12/2022

Status : Valid

Reward : $150