I used a temp-mail on a crypto website

imwaiting18
Jul 19, 2021
Let’s get started!

Hey guys I’m back!

So I have been reporting this particular bug to many different websites to see whether it's worth reporting or not.

What is the bug?

Weak Registration Implementation > Use of Disposable Emails/Phone-numbers

Yup! THAT’S THE BUG

What are disposable emails?

Disposable email addresses are aliases to your actual email address, adding a layer of privacy or spam control, and can be used to sign up for websites or newsletters that you don’t trust. If one of these addresses gets too much spam, for example, simply delete the address.

As you can see, they are a precaution against bad websites, but we are hunting on the good sites (hopefully). So I reported this to a bunch of programs, from e-commerce to trading programs, and waited for their replies.

While we wait for the replies, let’s go over the steps quickly:

  1. Choose a temporary email service provider of your choice. If you don't know any, here you go: https://temp-mail.org/en/
  2. Sign-up using the temp-mail/number. If you can’t find temp numbers, here you go again: https://sms24.me/en/numbers/
  3. Finish up the email confirmation and that’s it.

So now, back to the replies:

  1. Platform Report: Triaged by Triager (P4), Downgraded by Company (P5). (Got reputation points so kudos to that)
  2. E-Commerce Report: Happy to know that users are self-aware of privacy and closed it as Won’t Fix.
  3. Another E-Commerce Report: Already known issue. (No comment)
  4. Trading Site: Low-Risk Issue closed it with a 100USDT :)

Conclusion? If the program you are hunting on does not want to take any risks against fraud or fake accounts, try reporting this bug. It's easy to find and creating a PoC won’t take more than 5 minutes.
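For a program that does want to close this gap, here is a sketch of the server-side signup check, added as an example and not taken from any of the sites reported to. The blocklist entries are constructed `.example` placeholders (a real deployment would load a maintained list), and the function names are hypothetical.

```python
# Constructed sample blocklist; replace with a maintained list in practice.
DISPOSABLE_DOMAINS = frozenset({"tempbox.example", "throwaway.example"})


def normalize_domain(email):
    """Return the lower-cased ASCII (IDNA) domain, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    # Case and a trailing root dot must not let an address slip past the list.
    domain = domain.rstrip(".").lower()
    try:
        ascii_domain = domain.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, invalid characters
        return None
    return ascii_domain if "." in ascii_domain else None


def matched_blocklist_entry(domain, blocklist=DISPOSABLE_DOMAINS):
    """Match the domain or any parent domain, on label boundaries only."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def check_signup(email, blocklist=DISPOSABLE_DOMAINS):
    """Decide at registration time, before a confirmation mail is sent."""
    domain = normalize_domain(email)
    if domain is None:
        return ("reject", "malformed address")
    hit = matched_blocklist_entry(domain, blocklist)
    if hit:
        return ("reject", f"disposable domain ({hit})")
    return ("allow", domain)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("Alice@TempBox.Example", "bob@mx.throwaway.example.",
                 "dave@nottempbox.example", "carol@corp.example"):
        print(addr, "->", check_signup(addr))
```

A static list only catches domains it already knows, so it works best alongside rate limits and review of new accounts; phone numbers need a separate check.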

That’s all for this write-up, I’ll be back with some stupid shit again, so yeah!
