Comment on page
Registration Vulnerabilities
- Try to generate using an existing username
- Check varying the email:
- uppsercase
- +1@
- add some some in the email
- special characters in the email name (%00, %09, %20)
- Put black characters after the email:
[email protected] a
- [email protected]@attacker.com
- [email protected]@gmail.com
Check if you can figure out when a username has already been registered inside the application.
Creating a user check the password policy (check if you can use weak passwords).
In that case you may try to bruteforce credentials.
****Check this page to learn how to attempt account takeovers or extract information via SQL Injections in registry forms.
when registered try to change the email and check if this change is correctly validated or can change it to arbitrary emails.
- Check if you can use disposable emails
- Long password (>200) leads to DoS
- Check rate limits on account creation
- Use username@burp_collab.net and analyze the callback