Bypass confirmation to add payment method.
This website requires confirmation through email before the payment method you want to connect to the store is successfully attached. The problem lies in the response you receive after adding the payment method or PayPal email address.
Steps to Reproduce
Go to the add payment feature. Enter the PayPal address and intercept the request to see the response. After analyzing the whole process, I noticed that the authorization or verification token is visible in the response.
I noticed that when I verified my account through email, the request went to a specific endpoint with the eventId header on it.
I tried the eventId from the response, and it verified the email without opening the victim's mailbox.
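To show the defect and its fix side by side, here is an added example (not code from the report or the affected site) in which the vulnerable handler echoes the verification token back to the API caller, the fixed handler returns only an opaque reference, and a regression check confirms nothing in a response can complete verification. The in-memory stores, the mail outbox and the function names are assumptions standing in for the real application.

```python
import secrets

# Constructed in-memory stores standing in for the application's database
# and outbound mail queue (assumption: the real storage is not shown).
PENDING = {}   # verification token -> (user_id, paypal_email)
VERIFIED = {}  # user_id -> confirmed paypal_email
OUTBOX = []    # messages that would be delivered to the account owner


def add_payment_method_vulnerable(user_id, paypal_email):
    """Reported bug pattern: the token meant only for the mailbox is returned."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = (user_id, paypal_email)
    OUTBOX.append({"to": paypal_email, "token": token})
    # BUG: anyone who can read this response can finish verification themselves.
    return {"status": "pending", "eventId": token}


def add_payment_method_fixed(user_id, paypal_email):
    """Same flow, but the response carries no secret that completes verification."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = (user_id, paypal_email)
    OUTBOX.append({"to": paypal_email, "token": token})
    # The caller gets an opaque reference for status polling, not the token.
    return {"status": "pending", "reference": secrets.token_hex(8)}


def verify_payment_method(token):
    """Endpoint reached from the email link; the token is single-use."""
    entry = PENDING.pop(token, None)
    if entry is None:
        return False
    user_id, paypal_email = entry
    VERIFIED[user_id] = paypal_email
    return True


def response_leaks_token(response):
    """Regression check: does any string in the response still complete verification?"""
    return any(v in PENDING for v in response.values() if isinstance(v, str))
```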
Reported: 3rd Feb, 2022
Triage: 7th Feb, 2022
Bounty Awarded: 15th Feb, 2022 $XXX
Resolved: 24th Feb, 2022
Always analyze the response to learn more about the application. It may leak the verification_token.