API Security Blog

Zomato: OTP Bypass via Response Manipulation

OTP (One-Time Password) bypass via response manipulation is a technique in which an attacker intercepts the server's response to an OTP check and alters it before the client application processes it. Instead of forging a valid OTP, the attacker rewrites a response that indicates failure into one that indicates success, or changes response codes or parameters so that the OTP check is skipped entirely. Once the manipulated response is accepted, the attacker proceeds into the application without ever completing OTP verification.

Steps To Reproduce:

1. Go to https://business.zomato.com/ and add a restaurant. While verifying the phone number, intercept the request.
2. Change the response from {"status":"failed","message":"Invalid OTP. Please try again"} to {"status":"success","message":"Verification successful"}.
3. You'll see that the OTP has been verified.

Supporting Material/References:

Impact: The attacker is able to verify any phone/mobile…
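The flow above only works when the step after OTP entry is gated on what the client concluded from the response rather than on a verification record the server holds. The following is an added example (not Zomato's code, and not from the original report) that models both designs in a few lines of Python: a vulnerable server that trusts a client-supplied "verified" flag, and a hardened server that sets and checks its own per-session flag. The phone number, OTP value, and endpoint names are constructed for the demonstration.

```python
"""In-memory model of an OTP verification flow (constructed example).

Shows why rewriting the verify-OTP response defeats a client-trusting design
and why a server-side verification record makes the same rewrite harmless.
"""

import hmac
import secrets
from dataclasses import dataclass

# Constructed sample OTP store: phone -> expected OTP. A real system would
# generate this per request, expire it quickly and rate limit attempts.
OTP_STORE = {"+910000000000": "483921"}

# The two response bodies quoted in the report.
OTP_FAILED = {"status": "failed", "message": "Invalid OTP. Please try again"}
OTP_OK = {"status": "success", "message": "Verification successful"}


@dataclass
class Session:
    phone: str
    verified: bool = False  # written only by the server, never from a response


class VulnerableServer:
    """Gates the next step on a flag the client derived from the response."""

    def verify_otp(self, phone, otp):
        expected = OTP_STORE.get(phone, "")
        if hmac.compare_digest(otp, expected):
            return dict(OTP_OK)
        return dict(OTP_FAILED)

    def add_restaurant(self, phone, client_claims_verified):
        # Defect: the server never recorded the OTP outcome, so it has to
        # believe whatever the client says about an interceptable response.
        if client_claims_verified:
            return {"status": "success", "message": "Restaurant added"}
        return {"status": "failed", "message": "Phone not verified"}


class HardenedServer:
    """Gates the next step on the server's own session record."""

    def __init__(self):
        self.sessions = {}

    def new_session(self, phone):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(phone=phone)
        return sid

    def verify_otp(self, session_id, otp):
        session = self.sessions[session_id]
        expected = OTP_STORE.get(session.phone, "")
        if hmac.compare_digest(otp, expected):
            session.verified = True  # server-side fact, independent of the wire
            return dict(OTP_OK)
        return dict(OTP_FAILED)

    def add_restaurant(self, session_id):
        session = self.sessions[session_id]
        if not session.verified:
            return {"status": "failed", "message": "Phone not verified"}
        return {"status": "success", "message": "Restaurant added"}


def run_vulnerable(otp, response_rewritten):
    """Client submits `otp`; optionally the failure response is rewritten in transit."""
    server = VulnerableServer()
    resp = server.verify_otp("+910000000000", otp)
    if response_rewritten:
        resp = dict(OTP_OK)  # the manipulation described in the report
    claims_verified = resp["status"] == "success"
    return server.add_restaurant("+910000000000", claims_verified)["status"]


def run_hardened(otp, response_rewritten):
    """Same client behaviour against a server that keeps its own record."""
    server = HardenedServer()
    sid = server.new_session("+910000000000")
    resp = server.verify_otp(sid, otp)
    if response_rewritten:
        resp = dict(OTP_OK)  # client now believes it is verified...
    # ...but the server decides from session.verified, not from the response.
    return server.add_restaurant(sid)["status"]


if __name__ == "__main__":
    print("vulnerable, wrong OTP, rewritten response:", run_vulnerable("000000", True))
    print("hardened,   wrong OTP, rewritten response:", run_hardened("000000", True))
```

The detection angle follows from the same design: a hardened server will log a failed OTP check followed by a rejected "add restaurant" call for the same session, which is the signature of a client acting on a response it did not legitimately receive.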
