Registration Form

Registration Form Exploit

https://xmind.ai/share/6ZrhpTgT

Business Logic

Try to register with the email example@target.com. Sometimes these accounts have special privileges such as no rate limiting and bypass certain verifications.

Impersonation

Register twice using the same data but changing the sign-up component.

• The victim’s account could be hijacked if the application allows resetting the password based on one of the sign-up components.

Duplicate Registration - The Twinning TwinsMedium

POST /newaccount HTTP/1.1
...
email=victim@mail.com&password=1234

After sign up using victim email, try signup again but using different password

POST /newaccount HTTP/1.1
...
email=victim@mail.com&password=hacked

• The attacker may impersonate the victim by using his data from another account.

• The victim’s data can be removed entirely from the database or replaced with new ones entered by the attacker.

Username and other sensitive data such as document number, phone number, personal identification number, International Bank Account Number, etc., must be linked to the existing account and blocked from being used again.

Spoofing

Register twice using: the same email | + |. |uppercase|unicode.

• The attacker could smuggle messages to the victim based on the registration form, which could help in a phishing campaign.

• A victim’s mailbox can be flooded with vast amounts of email messages. Asa result, the mail server can place messages from the target domain in the spam or block them entirely from delivery.

• An attacker could get registration bonuses multiple times.

SSTI

In name field:

"{{7*7}}<img>
"">{{7*7}}<img>"

XSS

{{constructor.constructor('alert(`XSS`)')()}}

An unusual way to find XSS injection in one minuteMedium

Punny Code Attack

Puny-Code Vulnerabilities & Account TakeoverVoorivex Hunting Team

Create an account, append your collaborator at the end to receive SMTP callback

admin@wearehackerone.com.collaborator.com

Sign up again using punny code

scripts/punycode_gen.py at main · coffinxp/scriptsGitHub

admin@weàrehackerone.com.collaborator.com

Burp automatically encode the puny code -> Intercept the request and change the email field manually

"Email already exists" -> The app is vulnerable

Forgot password: Reset the password with the punycode email address. Again intercept the request and change the field in the request, use the puny code

You should get a SMTP callback with the reset password link - Reset the password

Login again with the original email and the new password

Source: https://www.youtube.com/watch?v=Cj1sOFHDClM

Fake Informations

OpSec / Anonymity

Akto Developer Security Free Toolswww.akto.io

Username

Username Generator | Random Username Generator - Akto Free Toolwww.akto.io

Phone

https://www.akto.io/tools/phone-number-generatorwww.akto.io

Receive SMS

Free Temp Phone Numbers + NEW Temporary Email | SMSToMeSMSToMe

Address

https://www.akto.io/tools/address-generatorwww.akto.io

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.