Hello Geeks, hope you guys are hacking well. In this blog I am going to share a small story of bypassing email verification. I am not allowed to share the organization name, so I will be using as the main domain.

* is in scope. As usual, I started with subdomain enumeration; for subdomain enumeration I mostly use a combination of subfinder, findomain and amass. After enumerating domains I only found 3 live domains, of which one is the main application and the other two are static pages. I picked and used to find more subdomains and found a subdomain

There is a registration page at where you can create an account.

After creating an account, the user receives an email with a verification link. Users have to verify their email before they can log in to their accounts. The verification link looks like

I decoded the value of e and found that the token is just the base64 encoding of the email address.
So I registered a new account using a random email like as I don't have access to that email. To log in successfully I had to verify my email, so I crafted an email verification link myself and used it to verify the account. That was it.
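To make the root cause concrete, here is an added example (not code from the post or the affected application) contrasting the weak design described above, where the token is derived from the email alone, with a hardened design: a random, single-use token stored server-side as a hash, with an expiry. The addresses and the class and function names are constructed for illustration.

```python
import base64
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple


# --- Weak scheme as described in the writeup: token = base64(email). ---
def weak_token(email: str) -> str:
    """Build the kind of token the vulnerable app used (constructed reproduction)."""
    return base64.urlsafe_b64encode(email.encode()).decode()


def weak_verify(token: str) -> str:
    """Anyone who knows an address can produce a valid token: no secret, no expiry,
    no binding to the account that actually received the mail."""
    return base64.urlsafe_b64decode(token.encode()).decode()


# --- Hardened scheme: random token, stored hashed, single use, time-limited. ---
class VerificationStore:
    TTL_SECONDS = 24 * 3600  # how long a mailed link stays valid (hypothetical policy)

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested deterministically
        # sha256(token) -> (email, expires_at). Only the hash is stored, so a leaked
        # database does not hand out usable verification links.
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str) -> str:
        """Create the token that goes into the emailed link; the server keeps only its hash."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not derivable
        self._pending[self._hash(token)] = (email, self._now() + self.TTL_SECONDS)
        return token

    def verify(self, token: str) -> Optional[str]:
        """Return the verified email, or None if the token is unknown, reused or expired."""
        entry = self._pending.pop(self._hash(token), None)  # pop => single use
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None
        return email


def demo() -> Dict[str, bool]:
    """Walk through the scenario from the writeup against both designs."""
    store = VerificationStore()
    victim = "someone@example.com"  # constructed sample address
    forged = weak_token(victim)     # token built from the address alone
    mailed = store.issue(victim)    # token only the mailbox owner would see
    return {
        "forged_accepted_by_weak_scheme": weak_verify(forged) == victim,
        "forged_rejected_by_hardened_scheme": store.verify(forged) is None,
        "mailed_token_accepted_once": store.verify(mailed) == victim,
        "mailed_token_replay_rejected": store.verify(mailed) is None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The fix that matters is that `issue()` produces a value nobody can compute from public information; hashing it at rest, consuming it on first use and expiring it are the additional controls a reviewer would expect around any email-verification or password-reset token.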

To show the impact, I used a company email address.


March 22, 2021 — Reported

March 22, 2021 — Triaged and $$$ Bounty awarded

September 28, 2021 — Fixed.

