Registration Form
Last updated
Was this helpful?
Last updated
Was this helpful?
Register twice using the same data but changing the sign-up component.
The victim’s account could be hijacked if the application allows resetting the password based on one of the sign-up components.
After sign up using victim email, try signup again but using different password
The attacker may impersonate the victim by using his data from another account.
The victim’s data can be removed entirely from the database or replaced with new ones entered by the attacker.
Username and other sensitive data such as document number, phone number, personal identification number, International Bank Account Number, etc., must be linked to the existing account and blocked from being used again.
Register twice using: the same email | +
|.
|uppercase|unicode.
The attacker could smuggle messages to the victim based on the registration form, which could help in a phishing campaign.
A victim’s mailbox can be flooded with vast amounts of email messages. Asa result, the mail server can place messages from the target domain in the spam or block them entirely from delivery.
An attacker could get registration bonuses multiple times.
In name field:
XSS
Receive SMS