Registration Vulnerabilities

Takeover

Duplicate Registration

Username Enumeration

Check whether you can tell, from the application's responses, that a username has already been registered.

Password Policy

When creating a user, check the password policy (whether weak passwords are accepted). If they are, you may try to bruteforce credentials.

SQL Injection

Check this page to learn how to attempt account takeovers or extract information via SQL Injection in registration forms.

Oauth Takeovers

SAML Vulnerabilities

Change Email

Once registered, try to change the email and check whether the change is correctly validated or whether it can be changed to arbitrary emails.

More Checks

    Check whether disposable email addresses are accepted
    A very long password (>200 characters) can lead to DoS
    Check rate limits on account creation
    Register with an address on your Burp Collaborator domain (e.g. `<anything>@burp_collab.net`) and analyze the callbacks
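The following is an added example, not code from HackTricks, showing how a registration handler can close several of the checks above at once: the response for a duplicate username is indistinguishable from a successful registration (no username enumeration), the password policy enforces both a minimum and an upper length bound (so oversized passwords never reach the hash function), and disposable-email domains are rejected. All names, limits and sample data are assumptions.

```python
"""Hardened registration checks (added example). Limits and data are assumed."""
import re
from dataclasses import dataclass

MIN_PASSWORD_LEN = 12      # assumed policy value
MAX_PASSWORD_LEN = 128     # assumed cap: bounds the input handed to the password hash
GENERIC_OK = "If the username is available, a confirmation email has been sent."
# Constructed data: one existing account and a tiny disposable-domain blocklist.
USERS = {"alice": "alice@example.com"}
DISPOSABLE_DOMAINS = {"mailinator.com", "tempmail.example"}
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


@dataclass
class Outcome:
    accepted: bool
    message: str     # the only thing the client sees
    action: str = ""  # out-of-band effect (which email to send), never returned to the client


def password_errors(pw: str) -> list[str]:
    errs = []
    if len(pw) < MIN_PASSWORD_LEN:
        errs.append("password too short")
    if len(pw) > MAX_PASSWORD_LEN:
        errs.append("password too long")   # reject before any expensive hashing
    if pw.isalpha() or pw.isdigit():
        errs.append("password needs mixed character classes")
    return errs


def email_errors(email: str) -> list[str]:
    m = EMAIL_RE.match(email)
    if not m:
        return ["invalid email"]
    if m.group(1).lower() in DISPOSABLE_DOMAINS:
        return ["disposable email domains are not allowed"]
    return []


def register(username: str, password: str, email: str, users=USERS) -> Outcome:
    errs = password_errors(password) + email_errors(email)
    if errs:
        return Outcome(False, "; ".join(errs))
    if username in users:
        # Same client-visible result as a real registration: the existing owner
        # is notified by email instead of the caller learning the name is taken.
        return Outcome(True, GENERIC_OK, action=f"notify-existing:{users[username]}")
    users[username] = email
    return Outcome(True, GENERIC_OK, action=f"confirm:{email}")
```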