2021-06-27 14:55:59 +00:00
# Registration Vulnerabilities
## Takeover
### Duplicate Registration
* Try to generate using an existing username
* Check varying the email:
  * uppercase
  * \+1@
  * add some dots in the email
  * special characters in the email name (%00, %09, %20)
  * Put blank characters after the email: `test@test.com a`
  * victim@gmail.com@attacker.com
  * victim@attacker.com@gmail.com
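A server-side registration check that catches the email variants listed above, added here as an example (not code from the original page): it canonicalises case, `+tag` sub-addresses and provider-specific dots so duplicates collide with the account on file, and rejects control/blank characters and a second `@` outright. The `DOT_INSENSITIVE` set and the regexes are assumptions, and the input is taken to be already URL-decoded.

```python
from __future__ import annotations
import re

# Constructed demo (not code from the original page). Every variant above either
# canonicalises onto the address already on file (duplicate caught) or is rejected,
# never stored as a "different" user that later receives the victim's reset mail.
_LOCAL = re.compile(r"^[a-z0-9_+-]+(?:\.[a-z0-9_+-]+)*$")
_DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Providers known to ignore dots in the local part (assumption; extend per policy).
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}


class RejectedEmail(ValueError):
    """Raised for addresses that must not be registered at all."""


def canonical_email(raw: str) -> str:
    """Canonical form of an already URL-decoded address, or RejectedEmail.

    Rejects rather than strips: NUL/tab/space (decoded %00, %09, %20), a trailing
    blank plus junk, non-ASCII lookalikes and a second "@" all raise, so no two
    components can disagree about which account the string refers to.
    """
    if not raw or len(raw) > 254:
        raise RejectedEmail("empty or too long")
    if any(not 0x21 <= ord(c) <= 0x7E for c in raw):
        raise RejectedEmail("control, whitespace or non-ASCII character")
    if raw.count("@") != 1:  # victim@gmail.com@attacker.com and the reverse
        raise RejectedEmail("exactly one @ expected")
    local, domain = raw.lower().split("@")  # uppercase variants compare equal
    if not _LOCAL.match(local) or not _DOMAIN.match(domain):
        raise RejectedEmail("malformed local part or domain")
    local = local.split("+", 1)[0]  # user+1@ is the same mailbox as user@
    if not local:
        raise RejectedEmail("empty local part")
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")  # u.s.e.r@gmail.com == user@gmail.com
    return f"{local}@{domain}"


def is_rejected(raw: str) -> bool:
    """True when canonical_email() refuses the address."""
    try:
        canonical_email(raw)
    except RejectedEmail:
        return True
    return False


def registration_conflicts(existing: set[str], submitted: str) -> bool:
    """True when *submitted* collides with an already registered address."""
    return canonical_email(submitted) in {canonical_email(e) for e in existing}
```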
### Username Enumeration
Check if you can figure out when a username has already been registered inside the application.
### Password Policy
When creating a user, check the password policy (check whether weak passwords are accepted).\
In that case you may try to bruteforce credentials.
### SQL Injection
[**Check this page**](sql-injection/#insert-statement) to learn how to attempt account takeovers or extract information via **SQL Injections** in registration forms.
### OAuth Takeovers
{% content-ref url="oauth-to-account-takeover.md" %}
[oauth-to-account-takeover.md](oauth-to-account-takeover.md)
{% endcontent-ref %}
### SAML Vulnerabilities
{% content-ref url="saml-attacks/" %}
[saml-attacks](saml-attacks/)
{% endcontent-ref %}
### Change Email
Once registered, try to change the email and check whether the change is correctly validated or whether it can be changed to arbitrary emails.
## More Checks
* Check if you can use **disposable emails**
* **Long password** (>200 characters) leads to **DoS**
* **Check rate limits on account creation**
* Use username@**burp_collab**.net and analyze the **callback**