OnePlus has launched its new smartphone, the OnePlus 2, which is being sold through a special invite-only mechanism.

The OnePlus 2's popularity is such that invites are being sold on the black market at a premium.

@oneplus Found a vulnerability with your referral system.

OnePlus 2 invite system hacked by an angry fan to jump queue

If you’re interested DM me and I’ll show you how it works.

Instead of just giving up, Cooper decided to hack the website.

He was able to shoot back up the list pretty quickly, eventually landing at position 1,694.

OnePlus 2 invite referral list hacked by an angry fan

Surprisingly, they worked.

A couple lines of Python, and boom.

He was able to generate a 32-digit random string and use it as a new mailbox.

This exploit allows anyone to send confirmation emails to any email address using OnePlus's system.

To access an email's body, you need the email ID.

Some simple JSON drilling and we can easily extract it.

Put it all together and what do you get?
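
On the defending side, the pattern described above (many referred sign-ups whose mailboxes are long random strings, confirmed in quick succession) is visible in sign-up logs. The following is an added example, not code from the article or from Cooper; the record layout, referral codes, domains and thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample sign-up records: (referrer_code, referred_email, confirm_time_s).
# Field names, codes and domains are assumptions, not OnePlus data.
SIGNUPS = [
    ("REF-A", "alice.smith@example.org", 100),
    ("REF-A", "bob_1987@example.net", 86500),
    ("REF-B", "k3v9x0q2m1z8c7b6n5l4j3h2g1f0d9s8@mailbox.example", 10),
    ("REF-B", "p0o9i8u7y6t5r4e3w2q1a2s3d4f5g6h7@mailbox.example", 12),
    ("REF-B", "z1x2c3v4b5n6m7q8w9e0r1t2y3u4i5o6@mailbox.example", 15),
    ("REF-B", "m9n8b7v6c5x4z3l2k1j0h9g8f7d6s5a4@mailbox.example", 17),
    ("REF-C", "carol@example.com", 400),
]

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_generated(email, min_len=24, min_entropy=3.5):
    """Heuristic: long, alphanumeric-only, high-entropy local part."""
    local = email.split("@", 1)[0]
    return (len(local) >= min_len and local.isalnum()
            and shannon_entropy(local) >= min_entropy)

def flag_referrers(signups, min_hits=3, window_s=60):
    """Map referrer code -> count of generated-looking referrals, for referrers
    with at least min_hits such confirmations inside any window_s-second span."""
    by_ref = defaultdict(list)
    for ref, email, ts in signups:
        if looks_generated(email):
            by_ref[ref].append(ts)
    flagged = {}
    for ref, times in by_ref.items():
        times.sort()
        # Sliding window over the sorted confirmation times.
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window_s:
                flagged[ref] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(flag_referrers(SIGNUPS))
```

A heuristic like this is a review trigger rather than proof of abuse, and it works best alongside per-referrer rate limits on confirmations.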

source: www.techworm.net