1 min readMar 13, 2018
Hi Ak1T4, it was not validating both of those parameters, neither mobile num nor username. Creating a csrf payload keeping their values as null was also working here.
Written by Avinash Jain (@logicbomb)
Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc