GitBook: [master] 3 pages modified

CPol 2021-06-27 14:55:59 +00:00 committed by gitbook-bot
parent 22b8fc8bf4
commit 82dac477c6
GPG key ID: 07D2180C7B12D0FF
3 changed files with 44 additions and 1 deletions

@ -385,6 +385,7 @@
* [PostMessage Vulnerabilities](pentesting-web/postmessage-vulnerabilities.md)
* [Race Condition](pentesting-web/race-condition.md)
* [Rate Limit Bypass](pentesting-web/rate-limit-bypass.md)
* [Registration Vulnerabilities](pentesting-web/registration-vulnerabilities.md)
* [Regular expression Denial of Service - ReDoS](pentesting-web/regular-expression-denial-of-service-redos.md)
* [Reset/Forgotten Password Bypass](pentesting-web/reset-password.md)
* [SAML Attacks](pentesting-web/saml-attacks/README.md)

@ -0,0 +1,42 @@
# Registration Vulnerabilities
## Takeover
### Duplicate Registration
* Try to generate using an existing username
* Check varying the email:
* uppsercase
* +1@
* add some some in the email
* special characters in the email name \(%00, %09, %20\)
* Put black characters after the email: `test@test.com a`
*
### Username Enumeration
Check if you can figure out when a username has already been registered inside the application.
### Password Policy
Creating a user check the password policy \(check if you can use weak passwords\).
In that case you may try to bruteforce credentials.
### SQL Injection
\*\*\*\*[**Check this page** ](sql-injection/#insert-statement)to learn how to attempt account takeovers or extract information via **SQL Injections** in registry forms.
### Oauth Takeovers
{% page-ref page="oauth-to-account-takeover.md" %}
### Redirects
Pages usually redirects users after login, check if you can alter that redirect to cause an [**Open Redirect**](open-redirect.md).
## More Checks
* Check if you can use **disposable emails**
* **Long** **password** \(>200\) leads to **DoS**
* **Check rate limits on account creation**
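
Review bot: The Duplicate Registration list in this new page has wording defects that leave several checks ambiguous. "uppsercase" is a typo; "add some some in the email" is missing its noun, so the reader cannot tell what to add; and "Put black characters after the email" appears, from its own example `test@test.com a`, to mean blank characters. The list also ends in an empty `*` bullet that should be dropped or filled in. In the SQL Injection paragraph the line opens with stray `\*\*\*\*` escape residue and says "registry forms" where registration forms is meant; "Oauth Takeovers" should be "OAuth Takeovers", and "Pages usually redirects" should be "Pages usually redirect". Under More Checks, "Long password (>200) leads to DoS" is phrased as a fact while its neighbours are phrased as checks; suggest "Check if a long password (>200) leads to DoS" for consistency.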

View file

@ -82,10 +82,10 @@ There are several specific functionalities were some workarounds might be useful
* [ ] \*\*\*\*[**Bypass Payment Process**](bypass-payment-process.md)\*\*\*\*
* [ ] \*\*\*\*[**Captcha Bypass**](captcha-bypass.md)\*\*\*\*
* [ ] \*\*\*\*[**Login Bypass**](login-bypass/)\*\*\*\*
* [ ] \*\*\*\*[**SQLi Insert Into**](sql-injection/#insert-statement) **- Injection in registry forms** \(extract info but also possible takeovers\)
* [ ] \*\*\*\*[**Race Condition**](race-condition.md)\*\*\*\*
* [ ] \*\*\*\*[**Rate Limit Bypass**](rate-limit-bypass.md)\*\*\*\*
* [ ] \*\*\*\*[**Reset Forgotten Password Bypass**](reset-password.md)\*\*\*\*
* [ ] \*\*\*\*[**Registration Vulnerabilities**](registration-vulnerabilities.md)\*\*\*\*
### **Structured objects / Specific functionalities**
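
Review bot: The "Registration Vulnerabilities" checklist item sits after "Reset Forgotten Password Bypass" here, while the summary hunk in this same commit lists Registration Vulnerabilities before Reset/Forgotten Password Bypass; suggest using the same order in both places. Every item in this list is also wrapped in `\*\*\*\*` escape residue around the bold link, which will render as literal asterisks; the bold markers inside the link text are enough. On the SQLi Insert Into line, "Injection in registry forms" should read "registration forms", matching the page it now sits beside.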