1.Register 2 accounts with any 2 mobile number(first enter right otp)
2.Intercept your request
3.click on action -> Do intercept -> intercept response to this request.
4.check what the message will display like status:1
5.Follow the same procedure with other account but this time enter wrong otp
6.Intercept respone to the request
7.See the message like you get status:0
8.Change status to 1 i.e, status:1 and forward the request if you logged in means you just done authentication bypass.
Happy Hacking.:)
Resource Google,Youtube,Twitter
Impact:auth bypass,account takeover etc.