Deepseek Vulnerability
In this article, I will provide a step-by-step guide on exploiting the ‘Forgot Password’ vulnerability. This exploit enables an attacker to gain unauthorized access to any account without requiring user interaction.
Requirements
- victim’s Gmail account
- Burp Suite
Let’s start…
Open the Deepseek login page, click on ‘Forgot Password,’ and enter the victim’s account. Then, click on ‘Send Code.’ In Burp Suite, intercept the request, click ‘Continue,’ and capture the request.
You can see that we have captured this request. Now, send it to the Intruder in Burp Suite.
Select the verification code and click on Add §.
Select the payload type as Numbers and set the range. Since the verification code contains six digits, choose a range from 111111 to 999999.
Go to the settings, clear all existing words, and then add the word success.
Why Select “success”?
- When performing a brute-force attack on a verification code, we need to identify the correct response from the server.
- The Grep - Match feature highlights responses that contain a specific keyword.
- In many web applications, a successful verification returns a message like “success” in the response.
- By adding “success” here, Burp Suite will flag any response that includes this word, helping us quickly identify the correct verification code.
Start the attack. It will take some time to run because of the large number of items in the list.
You can see that the attack was performed successfully, as it gives us a success response.
Now, we have changed the verification code to 381675 and forwarded the request.
When we forward the request and check in the browser, it asks us to change the password.
Now, you change the password and gain access to the victim’s DeepSeek account.
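The steps above depend on the server accepting guess after guess against the same reset code. As an added example (not DeepSeek's code and not part of the original article), here is a minimal server-side check that caps failed attempts per issued code, expires the code, and burns it once the cap is hit; the class name, the limits and the in-memory store are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # assumed policy: failed guesses allowed per issued code
CODE_TTL_SECONDS = 600    # assumed policy: lifetime of a code


class ResetCodeStore:
    """In-memory stand-in for the server-side store (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        # secrets, not random: the code must be unpredictable (000000-999999).
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # sent to the account owner by e-mail only

    def verify(self, account, guess):
        entry = self._codes.get(account)
        if entry is None:
            return "invalid"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._codes[account]
            return "invalid"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._codes[account]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            # Burn the code: later guesses fail even if they hit the right value.
            del self._codes[account]
            return "locked"
        return "invalid"


def simulate_guessing(store, account, guesses):
    """Replay a sequence of guesses (constructed test traffic); return verdicts."""
    return [store.verify(account, g) for g in guesses]
```

A per-code cap should be paired with a limit on how often `issue` can be called for one account, otherwise every fresh code grants another five guesses.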
Thank you for reading this article. I hope that you have found the information provided valuable and helpful. Use it for educational purposes only. 🙂
RADEEL AHMAD