Sourav Sahana

@pocdork

Razer Pay Payment PIN Verification Bypass | $1000

Hi again. This was an Android issue in the Razer Pay Android application, which is similar to an Indian UPI app. I was able to bypass payment PIN verification and perform the operations below:

Bypass the payment PIN to steal the account balance

Bypass the payment PIN to change the account phone number

Looks interesting? Nothing special there.

It's all about response manipulation. Whenever I performed a payment-related operation, the application asked me for a six-digit PIN. After trying 3-4 times with a wrong PIN, I got this message from the application:

{"return_code":20017,"message":"Your wallet is locked, please try again in 2 hours 24 minutes 58 seconds , or reset your Payment PIN.","result":null}

See that return_code parameter. Looks interesting? That response code is then used to identify whether the request was successful or not. Now I needed a code that proves the request is valid, so I started monitoring all the successful return codes and finally got a working code: 10000

So again I entered a wrong PIN, and in the response I changed the return_code from 20017 to 10000, and BooM. I had successfully bypassed the PIN protection!
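Rewriting return_code only matters if the server then carries out the payment without its own proof that the PIN was checked. The sketch below is an added example, not Razer's code or its fix: the server issues a short-lived HMAC token bound to one operation after a correct PIN, and the payment endpoint refuses anything without it. The function names, token format, RC_DENIED and the policy constants are assumptions; only the codes 10000 and 20017 come from the post.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # never leaves the server
RC_OK, RC_LOCKED = 10000, 20017        # the two codes quoted in the post
RC_DENIED = 29999                      # hypothetical code, not from the post
MAX_ATTEMPTS, TOKEN_TTL = 3, 60        # assumed policy; lock expiry omitted

def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

_SALT = secrets.token_bytes(16)
# Constructed sample account: PIN 123456, balance 100
ACCOUNTS = {"alice": {"salt": _SALT, "pin": _pin_hash("123456", _SALT),
                      "failed": 0, "balance": 100}}

def _sign(user, op, expires):
    msg = f"{user}|{op}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def verify_pin(user, pin, op, now=None):
    """Check the PIN server-side; on success return a token bound to `op`."""
    now = int(time.time() if now is None else now)
    acct = ACCOUNTS[user]
    if acct["failed"] >= MAX_ATTEMPTS:
        return {"return_code": RC_LOCKED, "result": None}
    if not hmac.compare_digest(_pin_hash(pin, acct["salt"]), acct["pin"]):
        acct["failed"] += 1
        return {"return_code": RC_DENIED, "result": None}
    acct["failed"] = 0
    expires = now + TOKEN_TTL
    return {"return_code": RC_OK, "result": f"{expires}.{_sign(user, op, expires)}"}

def transfer(user, amount, dest, token, now=None):
    """Move money only if `token` proves a PIN check for this exact operation."""
    now = int(time.time() if now is None else now)
    acct, op = ACCOUNTS[user], f"transfer:{amount}:{dest}"
    try:
        expires_s, sig = (token or "").split(".")
        expires = int(expires_s)
    except ValueError:
        return {"return_code": RC_DENIED, "result": None}
    valid = now <= expires and hmac.compare_digest(
        sig.encode(), _sign(user, op, expires).encode())
    if not valid or not 0 < amount <= acct["balance"]:
        return {"return_code": RC_DENIED, "result": None}
    acct["balance"] -= amount
    return {"return_code": RC_OK, "result": acct["balance"]}
```

A client that edits the failed response to 10000 still has no token, so transfer rejects the request. A production version would also make each token single-use.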

HackerOne report link: https://hackerone.com/reports/702383

Hope you have enjoyed the story. Happy hacking …
