# Registration Vulnerabilities ## Registration Vulnerabilities ### Takeover ### Duplicate Registration * Try to generate using an existing username * Check varying the email: * uppsercase * +1@ * add some some in the email * special characters in the email name (%00, %09, %20) * Put black characters after the email: `test@test.com a` * victim@ * victim@ #### Username Enumeration Check if you can figure out when a username has already been registered inside the application. #### Password Policy Creating a user check the password policy (check if you can use weak passwords).\ In that case you may try to bruteforce credentials. #### SQL Injection \*\*\*\***Check this page** to learn how to attempt account takeovers or extract information via **SQL Injections** in registry forms. #### Oauth Takeovers {% page-ref page="oauth-to-account-takeover.md" %} #### SAML Vulnerabilities {% page-ref page="saml-attacks/" %} #### Change Email when registered try to change the email and check if this change is correctly validated or can change it to arbitrary emails. ### More Checks * Check if you can use **disposable emails** * **Long** **password** (>200) leads to **DoS** * **Check rate limits on account creation** * Use username@**burp\_collab**.net and analyze the **callback** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/registration-vulnerabilities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.