Akash Hamal Profile picture
Solo || TRYING HARDER! || https://t.co/B6zlR3Mk5b || https://t.co/P3dAj9GVap || eJPT || i love logical flaws :D || Patience is they key ❤️
7 Sep
I have seen many reports regarding MFA bypass and many repos has got techniques to bypass MFA but here is one of my personal method or never seen before technique to bypass MFA, make sure to add it to your checklist ;)..... follow 👇

#bugbountytips #bugbountytip #bugbountytip
1) access control issues are everywhere in website right?

normal login flow :

email + passwd => mfa => enters acc

the flaw :

email + password => enters wrong mfa code and intercepts the req with burp, changes request line and params .....
..... and issues the request to see if it updates internal infos before passing the mfa check!
Read 8 tweets