Pentest Book by n3t_hunt3r

Registration Vulnerabilities


Last updated 3 years ago


Takeover

Duplicate Registration

  • Try to register using an existing username

  • Check varying the email:

    • uppercase

    • +1@

    • add some dots in the email

    • special characters in the email name (%00, %09, %20)

    • Put blank characters after the email: test@test.com a

    • victim@gmail.com@attacker.com

    • victim@attacker.com@gmail.com

Username Enumeration

Check whether you can figure out when a username has already been registered in the application.

Password Policy

When creating a user, check the password policy (check whether you can use weak passwords). In that case you may try to bruteforce credentials.

SQL Injection

Check this page to learn how to attempt account takeovers or extract information via SQL Injections in registration forms.

OAuth Takeovers

See: oauth-to-account-takeover.md

SAML Vulnerabilities

See: saml-attacks/

Change Email

Once registered, try to change the email and check whether this change is correctly validated or whether you can change it to arbitrary emails.

More Checks

  • Check if you can use disposable emails

  • Long password (>200) leads to DoS

  • Check rate limits on account creation

  • Use username@burp_collab.net and analyze the callback
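The defender's side of the email variations listed under Duplicate Registration, as an added example that is not part of the original page: addresses are canonicalized before the uniqueness check, so the uppercase, +1, dotted, special-character, trailing-blank and double-@ variants either map to the existing account or are rejected. The names `canonical_email` and `Registry`, the dot-insensitive domain list and the policy of stripping +tags on every domain are assumptions.

```python
import re

# Assumptions: dot-insensitive providers, and a deliberately narrow address
# grammar; anything outside it is rejected, not repaired.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}
LOCAL_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}")
DOMAIN_RE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")


def canonical_email(raw: str) -> str:
    """Return the key used for uniqueness checks, or raise ValueError."""
    # NUL, tab, space (raw or still percent-encoded) and trailing blanks.
    if re.search(r"[\x00-\x20\x7f%]", raw):
        raise ValueError("whitespace, control or percent-encoded character")
    if raw.count("@") != 1:  # e.g. victim@gmail.com@attacker.com
        raise ValueError("exactly one @ expected")
    local, domain = raw.split("@")
    if not LOCAL_RE.fullmatch(local) or not DOMAIN_RE.fullmatch(domain):
        raise ValueError("unsupported characters")
    local, domain = local.lower(), domain.lower()  # case variants
    local = local.split("+", 1)[0]                 # +1@ sub-address tags
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")             # dotted variants
    if not local:
        raise ValueError("empty local part")
    return f"{local}@{domain}"


class Registry:
    """In-memory stand-in for the user table, unique on the canonical email."""
    def __init__(self):
        self.users = {}

    def register(self, username: str, email: str) -> str:
        try:
            key = canonical_email(email)
        except ValueError:
            return "invalid"
        if key in self.users:
            return "duplicate"
        self.users[key] = username
        return "created"


if __name__ == "__main__":
    reg = Registry()
    # Constructed sample addresses mirroring the checks listed on this page.
    for addr in ["victim@gmail.com", "Victim@Gmail.com", "v.ictim+1@gmail.com",
                 "victim%00@gmail.com", "victim@gmail.com a",
                 "victim@gmail.com@attacker.com"]:
        print(f"{addr!r:35} -> {reg.register('user', addr)}")
```

In a real application the canonical key would also back a unique database constraint, so two concurrent requests cannot both pass the in-memory check.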