How I Was Able To Send SMS From Google To Anyone | $$$ Google Vulnerability:
2021-10-05 14:44:13 Author: infosecwriteups.com

An interesting write-up about a Google vulnerability:

Raidh Ĥere

Hi, amazing hackers, it’s Raidh_Here. Hope you are all doing well. I am back again with a cool Google VRP write-up. So without wasting any time, let’s jump into the write-up.

BEGIN THE READ:

It was night and I was looking at my PC like every day. After thinking for many hours, I took a break and made a cup of coffee. I picked up my phone and saw a message about a verification code for Google Merchant Center.

I sipped my coffee, sat in front of my PC and started searching for any verification code leakage.

While sending the OTP verification request, it seemed so interesting, like this.

I picked up my phone and checked the verification message... wait, what!!

It was the same SMS content that I got on my phone. I was like, whoooo, what the hell... I tried to make some changes to the OTP, but it didn’t work.

I tried to make some changes to the SMS format. Yes, it worked. So I could edit the SMS format, add any content that I wanted and send it to victims, like this:

“send your verification code to attacker.com {otp}”

“send your verification code to this number to verify your account {otp}”

I created a report on behalf of Google. They closed it as Won’t Fix (Obsolete). But after I explained the attack scenario, they accepted the bug and rewarded a $$$ bounty.

“While searching for verification code leaks, don’t forget to search the SMS format too” :D

TIMELINE

Jan 21, 2021 11:44AM — REPORTED
Feb 11, 2021 10:24AM — Status: Won’t Fix (Obsolete)
Feb 16, 2021 06:23PM — Status: Accepted (reopened)
Feb 23, 2021 08:20AM — REWARDED $$$
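
The flaw described above comes down to the server building the SMS from a format string sent by the client. The following is an added example (not from the original post and not Google's code) that contrasts that pattern with a server-side template lookup. The field names `sms_format`, `template_id` and `phone`, the template text and the sample values are assumptions, since the post does not show the actual request.

```python
import secrets

# Server-owned templates keyed by ID; the message text never comes from the client.
# (ID and wording are constructed for this example.)
TEMPLATES = {
    "merchant_verify": "Your verification code is {otp}",
}

ALLOWED_FIELDS = {"phone", "template_id"}


def new_otp(digits=6):
    """Generate a numeric OTP with a CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def build_sms_vulnerable(request, otp):
    """Pattern described in the post: the client supplies the SMS format."""
    # Whatever text the client sends is delivered from the trusted sender.
    return request["sms_format"].replace("{otp}", otp)


def build_sms_hardened(request, otp):
    """Accept only a template ID and render text held on the server."""
    unexpected = set(request) - ALLOWED_FIELDS
    if unexpected:
        # Reject instead of silently ignoring, so tampering shows up in logs.
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    template_id = request.get("template_id")
    if not isinstance(template_id, str) or template_id not in TEMPLATES:
        raise ValueError("unknown template_id")
    return TEMPLATES[template_id].format(otp=otp)


if __name__ == "__main__":
    otp = new_otp()
    # Constructed request carrying an edited format, as in the post's example text.
    tampered = {"phone": "+15555550100",
                "sms_format": "send your verification code to attacker.com {otp}"}
    print("vulnerable:", build_sms_vulnerable(tampered, otp))
    try:
        build_sms_hardened(tampered, otp)
    except ValueError as err:
        print("hardened rejects:", err)
    ok = {"phone": "+15555550100", "template_id": "merchant_verify"}
    print("hardened:", build_sms_hardened(ok, otp))
```
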


Article source: https://infosecwriteups.com/how-i-was-able-to-send-sms-from-google-to-anyone-google-vulnerability-3277ea0cc9d1?source=rss----7b722bfd1b8d--bug_bounty