52 lines
1.5 KiB
Markdown
52 lines
1.5 KiB
Markdown
# Registration Vulnerabilities
|
|
|
|
## Takeover
|
|
|
|
### Duplicate Registration
|
|
|
|
* Try to generate using an existing username
|
|
* Check varying the email:
|
|
* uppsercase
|
|
* \+1@
|
|
* add some some in the email
|
|
* special characters in the email name (%00, %09, %20)
|
|
* Put black characters after the email: `test@test.com a`
|
|
* victim@gmail.com@attacker.com
|
|
* victim@attacker.com@gmail.com
|
|
|
|
### Username Enumeration
|
|
|
|
Check if you can figure out when a username has already been registered inside the application.
|
|
|
|
### Password Policy
|
|
|
|
Creating a user check the password policy (check if you can use weak passwords).\
|
|
In that case you may try to bruteforce credentials.
|
|
|
|
### SQL Injection
|
|
|
|
****[**Check this page **](sql-injection/#insert-statement)to learn how to attempt account takeovers or extract information via **SQL Injections** in registry forms.
|
|
|
|
### Oauth Takeovers
|
|
|
|
{% content-ref url="oauth-to-account-takeover.md" %}
|
|
[oauth-to-account-takeover.md](oauth-to-account-takeover.md)
|
|
{% endcontent-ref %}
|
|
|
|
### SAML Vulnerabilities
|
|
|
|
{% content-ref url="saml-attacks/" %}
|
|
[saml-attacks](saml-attacks/)
|
|
{% endcontent-ref %}
|
|
|
|
### Change Email
|
|
|
|
when registered try to change the email and check if this change is correctly validated or can change it to arbitrary emails.
|
|
|
|
## More Checks
|
|
|
|
* Check if you can use **disposable emails**
|
|
* **Long** **password** (>200) leads to **DoS**
|
|
* **Check rate limits on account creation**
|
|
* Use username@**burp_collab**.net and analyze the **callback**
|