Yes, you read the title right. State Bank of India's transaction OTP could be bypassed with just a few simple steps. Here we are going to show you how Neeraj bypassed the OTP. Below are the steps he followed.
State Bank of India is the most popular bank in India and has millions of user accounts. But the service they provide is not good. This bug was found 2 months ago and Neeraj reported it to them, but they are not paying attention to it.
Important Note: This article was originally written by Neeraj; we have just modified it. This trick is for educational purposes only. If anyone misuses this guide, they will have to go to jail, and we are not responsible for it.
Nowadays the One Time Password (OTP) is the most popular out-of-band feature at most banks: a user making a transaction verifies their identity with an OTP sent to the mobile number registered with the bank when the account was opened.
But what if we can bypass the OTP? Yes, you are thinking right. Here we are writing about Neeraj's experience with a bank where he was able to bypass the OTP and make a transaction of any amount. Let's begin the process.
How to Bypass SBI OTP
Steps To Bypass the OTP of SBI:
When we make a transaction, at the last stage we are sent to the One Time Password screen.

Approximately 3 months ago, he was searching for bugs in State Bank of India. After spending 1 hr on https://retail.onlinesbi.com, he found that at the last stage of a transaction there is a parameter called smartotpflag passed in the POST request, and it is set to Y, i.e.

smartotpflag=Y
Initially, it was already set to the value Y.
From this we can easily understand that the smartotpflag parameter is used to generate the OTP, and Y means yes, generate the OTP and send it to your mobile.
But what if we change this Y to N?
Yes, that is exactly what he did: he changed the value from Y to N, and the result was shocking to him.
The transaction completed successfully without entering the OTP.
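
The behaviour described above is what happens when a server lets a request parameter decide whether the OTP check runs. The Python sketch below is an added example, not SBI's code and not from Neeraj's write-up: it puts that flawed pattern beside a server-enforced one. Only the parameter name smartotpflag comes from the article; every function, field and store name is hypothetical, and the server logic is an assumption about this class of flaw.

```python
import hmac
import secrets

PENDING = {}       # hypothetical server-side store of transactions awaiting OTP
TAMPER_LOG = []    # hypothetical sink for detection signals

def start_transaction(txn_id, amount):
    """Create the OTP and record server-side that this transaction needs it."""
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING[txn_id] = {"amount": amount, "otp": otp, "attempts": 0}
    return otp  # in a real system this goes out-of-band to the registered mobile

def _otp_matches(form, txn):
    # Constant-time comparison of the submitted value with the stored OTP.
    supplied = str(form.get("otp", "")).encode()
    return hmac.compare_digest(supplied, txn["otp"].encode())

def confirm_trusting_client(txn_id, form):
    """Flawed pattern: the request's smartotpflag decides whether OTP is checked."""
    txn = PENDING[txn_id]
    if form.get("smartotpflag") == "Y" and not _otp_matches(form, txn):
        return "rejected"
    return "completed"  # also reached with no OTP at all when the flag is not "Y"

def confirm_server_enforced(txn_id, form):
    """Hardened pattern: the flag never gates the check; stored state decides."""
    txn = PENDING.get(txn_id)
    if txn is None or txn["attempts"] >= 3:
        return "rejected"
    if form.get("smartotpflag", "Y") != "Y":
        TAMPER_LOG.append(txn_id)  # a modified flag is worth an alert
    txn["attempts"] += 1
    if not _otp_matches(form, txn):
        return "rejected"
    del PENDING[txn_id]  # OTP is single use
    return "completed"
```
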