Yesterday, 02:24 PM
If you know someone’s phone number, you can log into their Türk Telekom Online Services account and act on their behalf.
This critical vulnerability opens a massive door and if you want to get your hands on it, just contact me.
So, what does this access get you?
The person's full name. National ID number. Detailed address. Modem information. The authority to change modem passwords. Access to internet packages. A complete list of all phone numbers registered under their name. Home internet records. And much more.
Simply put: by using the refresh token linked to the target number in the database, we can generate unlimited access tokens granting persistent access.
Just one number. That’s all it takes.
This vulnerability is for sale, priced at around $10,000$ negotiable.
qTox:95774DA6966CD38AC46DF06119D3CF9000B301D72C7014BB952684E17FF6754EF50893133BB3
proof:
5555555555 access
![[Image: e47c91a87cc521d1efbd20183b42ee4259c9c593.gifv]](https://external-content.duckduckgo.com/iu/?u=https://64.media.tumblr.com/c28f803dbfef10a302ff051a43746f2f/3c5cd0a36f0a9b03-5f/s540x810/e47c91a87cc521d1efbd20183b42ee4259c9c593.gifv)