In this blog, I'll share a few unique and real-world ways to bypass email verification without using any tools at all — no Burp Suite, no scanners, nothing fancy. Just a browser, logic, and curiosity.
If you enjoy finding bugs by thinking instead of tooling, this one's for you.
1️⃣ OTP Verification Bypass via Disabled Register Button
This website's signup flow works like this: The user enters an email address, and in the next step the system asks for an OTP. Only after the OTP is successfully verified does the Register button become clickable. How I Found the Issue
- I filled in all the required details like name and password.
- I entered an email address, and the application asked for OTP verification.
- At this stage, the Register button was present but disabled.
- I inspected the Register button and noticed the attribute disabled=true.
- I removed the disabled attribute from the button.
- The Register button immediately became clickable.
- I clicked it, and the account was created successfully without verifying the OTP
2️⃣ Email Verification Bypass via Recruiter Signup Flow
I initially submitted this issue as Low severity, but after reviewing the impact, the target upgraded it to High. The application has two different signup flows:
- Student signup – works normally and enforces email verification before account creation.
- Recruiter signup – asks for email and password first, then redirects the user to a subscription/payment page.
How the Bug Works
- I created an account using the Recruiter signup page by entering an email and password.
- After submitting the details, the application redirected me to a payment/subscription page.
- I did not complete the payment and simply left the page.
- Next, I went to the Student login page (not the signup page).
- I logged in using the same credentials created on the recruiter page.
- Login was successful without any email verification.
3️⃣ Email Change Verification Bypass via Edit Profile
This issue is not related to signup. The application provides a Change Email feature inside the Edit Profile page. Expected Behavior
- User clicks Change Email
- OTP is sent to the current email address
- After successful OTP verification, the email is updated This email change feature exists as one block inside the Edit Profile page.
How the Bug Works
- I navigated to the Change Email section on the Edit Profile page.
- The email field was marked as read-only.
- I inspected the email input field and removed the readonly attribute.
- I changed the email address directly (without clicking the "Change Email" button).
- Instead of using the email-specific button, I clicked the Save Profile button (used for the entire profile).
- The profile was saved successfully, and the email address was updated without any OTP verification.
4️⃣ Email Verification Bypass via Secondary Email Promotion
This one is uncluttered. The website allows users to create an account and log in immediately, but the profile remains marked as unverified until the email address is verified. How the Bug Works
- I created an account using someone's email address and did not verify it.
- I logged into the account and navigated to Account Settings.
- There was an option to add a secondary email address.
- I added an email address that I control and completed its verification.
- After verification, the application allowed me to mark the secondary email as the primary email.
- Once I did that, I noticed something unexpected: The original email address (used during signup) was now automatically marked as verified.
5️⃣ OTP bypass by swapping
I've already written a detailed blog about this issue, so I'm not repeating it here.
I hope you liked this blog and learned something new from it. As always, if you don't understand any point or need a proper POC or clarification, feel free to ping me on email. I'm always happy to help and discuss.
👀 Stay tuned for more "No-Tool Bug Bounty" write-ups! Got questions? Email me: strangerwhite9@gmail.com or reach out on
Twitter: @StrangeRwhite9
by StrangeRwhite | Series: Finding Bugs Without Tools