Security Issues Associated With Registration Pages

The document discusses various vulnerabilities in registration pages, including duplicate registrations, Denial of Service (DoS) attacks, Cross-Site Scripting (XSS), and the lack of rate limiting. It explains how attackers can exploit these vulnerabilities and the potential consequences of such attacks. The document emphasizes the importance of implementing security measures to protect against these threats.

thehacktivists.com
Hacktivists University: Empowering Growth

Application Security
The Hacktivists™

Exploring for Vulnerabilities in the Registration Page


Before exploring how to discover vulnerabilities in sign-up features, it's crucial to understand how
developers implement them. Let's take the example of a school website, school.org, where students need
to register to access academic resources.
The sign-up process on school.org can be implemented in two ways:
Manual Registration Page - Users provide their details (name, email, password, password confirmation,
etc.) through one or more forms, as shown in the image below.

Social Sign-up/OAuth - Registration is delegated to an integrated identity provider such as Facebook,
Twitter, or Google: the user authenticates with that provider, and the site creates or links a local
account from the identity the provider returns, so the user never sets a separate password for the site.


Exploiting the Registration Page


Duplicate Registration / Overwrite of an Existing Account
One of the most common vulnerabilities in the sign-up process is the ability to register an email
address that is already taken, either creating a second account for it or overwriting the existing
user's record. Depending on how the application resolves the two records at login, password reset or
profile lookup, the result can be a full account takeover.
Here's how to reproduce this vulnerability:
● Create the first account in the application with an email address and a password.
● Log out and create another account with the same email address but a different password.
● In some cases the exact address is rejected but a variant of it is accepted, for example changing
  the letter case of the address (the application compares addresses without normalising them first).
● Complete the account creation process; on a vulnerable application it succeeds without any error.
● Now, try to log in using the original email address and the new password.
● If the login succeeds, the second registration has replaced or shadowed the original credentials,
  and the first account is compromised.

Reference reports:

● https://hackerone.com/reports/187714
● https://shahjerry33.medium.com/duplicate-registration-the-twinning-twins-883dfee59eaf
● https://blog.securitybreached.org/2020/01/22/user-account-takeover-via-signup-feature-bug-bounty-poc
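The following is an added example, not code from the original document, that reproduces the overwrite scenario in the steps above and shows the fix side by side. It assumes an SQLite-backed user table (in memory here, so it runs offline); `RegistrationStore`, `normalize_email` and the account names are constructed for the illustration. The vulnerable variant is a generic "save user" routine that updates the row when the email already exists; the hardened variant normalises the address and lets a UNIQUE constraint reject the duplicate, which also closes the race between two concurrent sign-ups.

```python
import hashlib
import hmac
import os
import sqlite3
import unicodedata
from typing import Optional


def normalize_email(email: str) -> str:
    """Canonical form used as the uniqueness key: NFKC-normalised, trimmed, lower-cased.

    Lower-casing the local part is an assumption: RFC 5321 permits it to be
    case-sensitive, but mail providers treat it as case-insensitive in practice,
    and that is the safe choice for a uniqueness check.
    """
    return unicodedata.normalize("NFKC", email).strip().lower()


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; returns salt || digest (iteration count kept low for the demo)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(hash_password(password, salt)[16:], digest)


class RegistrationStore:
    """Minimal user table. hardened=False reproduces the overwrite bug from the steps above."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.db = sqlite3.connect(":memory:")
        unique = "UNIQUE" if hardened else ""
        # Hardened variant: the database itself enforces uniqueness on the canonical email,
        # so even two concurrent sign-up requests cannot both succeed.
        self.db.execute(
            f"CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL {unique}, pw BLOB NOT NULL)"
        )

    def register(self, email: str, password: str) -> bool:
        """Returns True if an account was created."""
        if self.hardened:
            key = normalize_email(email)
            try:
                self.db.execute("INSERT INTO users (email, pw) VALUES (?, ?)", (key, hash_password(password)))
            except sqlite3.IntegrityError:
                return False  # already registered; respond neutrally to the user
            return True
        # Vulnerable variant: "save user" updates the row when the exact string already exists
        # and inserts otherwise. Re-registering the victim's address silently replaces the
        # victim's password hash, and a case variant would slip past the exact-match lookup.
        row = self.db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
        if row:
            self.db.execute("UPDATE users SET pw = ? WHERE id = ?", (hash_password(password), row[0]))
        else:
            self.db.execute("INSERT INTO users (email, pw) VALUES (?, ?)", (email, hash_password(password)))
        return True

    def login(self, email: str, password: str) -> Optional[int]:
        """Returns the user id on success, None otherwise."""
        key = normalize_email(email) if self.hardened else email
        row = self.db.execute("SELECT id, pw FROM users WHERE email = ?", (key,)).fetchone()
        if row and verify_password(password, row[1]):
            return row[0]
        return None


if __name__ == "__main__":
    # Constructed scenario (not real accounts): the attacker re-registers the victim's address.
    victim, attacker_pw = "victim@example.com", "attacker-chosen"
    vuln = RegistrationStore(hardened=False)
    vuln.register(victim, "correct horse battery staple")
    vuln.register(victim, attacker_pw)
    print("vulnerable: attacker now logs in as user", vuln.login(victim, attacker_pw))
    hard = RegistrationStore(hardened=True)
    hard.register(victim, "correct horse battery staple")
    print("hardened: case-variant duplicate accepted?", hard.register("Victim@Example.com ", attacker_pw))
```

Note that the hardened `register` returns False on a duplicate but the HTTP layer should still answer the same way it does for a fresh sign-up (for example "check your email"), otherwise the registration form becomes an account-enumeration oracle.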

DoS at Name/Password field in Registration Page


One of the most straightforward ways to abuse a sign-up form is a Denial of Service (DoS) attack
through the name or password field: the application accepts input of unbounded length and then does
expensive work on it (typically password hashing, or pattern matching on the name), so each request
costs the server far more than it costs the attacker to send.
Here's how an attacker can carry out this attack:
● Navigate to the sign-up form and fill it out with valid information.
● In the password (or name) field, enter a very long string, e.g. hundreds of kilobytes of characters.
● Submit the form.
● If the application is vulnerable, the request takes a long time to process or fails with a 500
  Internal Server Error; sending it repeatedly in parallel exhausts CPU or memory and makes the site
  unavailable to legitimate users.

This type of attack can render the website unavailable, slow down its performance, and disrupt business
operations. The fix is to enforce a sane maximum length on every field before any expensive processing
runs; a 500 response on its own is just a bug, it becomes a DoS when the failing request is costly.
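The following is an added example, not code from the original document, showing the order of operations that defends against this: cheap size checks first, expensive hashing last. The limits, the `Registrar` class and the `hash_calls` counter are assumptions made for the illustration; the counter is there only to prove that oversized input never reaches the hash function.

```python
import hashlib
import os
from typing import Tuple

# Field bounds (assumptions for this example, not values from the original page).
MAX_NAME_CHARS = 100
MIN_PASSWORD_CHARS = 8
MAX_PASSWORD_BYTES = 1024           # generous for passphrases; bcrypt-style hashes truncate at 72 bytes anyway
MAX_REQUEST_BODY_BYTES = 64 * 1024  # reject oversized requests before looking at individual fields


class Registrar:
    """Sign-up handler that validates cheaply before doing anything expensive."""

    def __init__(self) -> None:
        self.hash_calls = 0  # instrumentation: counts how often the expensive hash actually ran

    def _hash(self, password: str) -> bytes:
        self.hash_calls += 1
        salt = os.urandom(16)
        return salt + hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, name: str, password: str) -> Tuple[int, str]:
        """Returns (http_status, message)."""
        name_bytes = len(name.encode("utf-8"))
        pw_bytes = len(password.encode("utf-8"))
        # 1. Reject oversized payloads outright; this is O(1) and happens before any field work.
        #    A web framework's request-body limit does the same job one layer earlier.
        if name_bytes + pw_bytes > MAX_REQUEST_BODY_BYTES:
            return 413, "request too large"
        # 2. Per-field bounds. Check byte length as well as characters: multibyte input can be
        #    short in characters but large in bytes, and the hash works on bytes.
        if not (1 <= len(name) <= MAX_NAME_CHARS):
            return 400, f"name must be 1-{MAX_NAME_CHARS} characters"
        if len(password) < MIN_PASSWORD_CHARS:
            return 400, f"password must be at least {MIN_PASSWORD_CHARS} characters"
        if pw_bytes > MAX_PASSWORD_BYTES:
            return 400, f"password must be at most {MAX_PASSWORD_BYTES} bytes"
        # 3. Only now do the expensive part.
        self._hash(password)
        return 201, "created"


if __name__ == "__main__":
    r = Registrar()
    print(r.register("alice", "correct horse battery staple"))   # (201, 'created')
    print(r.register("alice", "x" * (5 * 1024 * 1024)))           # (413, 'request too large'), no hash run
    print("hash calls:", r.hash_calls)                             # 1
```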


Cross-Site Scripting (XSS) in username in Registration Page


Cross-site scripting (XSS) is a type of security vulnerability that typically occurs in web applications
that accept user input and later render it without proper output encoding. Attackers exploit it by
injecting script into the application's content so that it becomes part of the page and executes in
the browser of every user who views it.
To test the sign-up page for XSS, inject payloads into fields such as username and email, then check
every place where the value is displayed afterwards (welcome banner, profile page, admin user list,
confirmation email). For example, here are two common XSS payloads:
Payload for the username field:
<img src=x onerror=alert(1)>

Payload for the email field (the trailing @x.y keeps it looking enough like an address to pass a
permissive email check):
"><svg/onload=confirm(1)>@x.y

If a payload is reflected unencoded, the injected script runs in the context of the site, letting the
attacker steal session tokens, act as the victim, or deface the page for anyone who views the stored value.
Reference reports:

● https://hackerone.com/reports/196989
● https://hackerone.com/reports/470206
● https://hackerone.com/reports/119090
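The following is an added example, not code from the original document, that runs the two payloads above through a permissive and a strict input check and then through an unencoded and an encoded template. The regular expressions, the `accepted` helper and the two `render_profile_*` functions are assumptions for the illustration (the strict email pattern is modelled on the HTML5 input type=email grammar). The point it makes is that input validation is a useful first filter but output encoding is the control that actually stops XSS.

```python
import html
import re

# Permissive check many applications use: anything with an "@" somewhere in the middle.
NAIVE_EMAIL_RE = re.compile(r"^.+@.+$")
# Stricter pattern: no quotes, angle brackets or parentheses in the local part, DNS-style labels
# in the domain. Still only a syntax check, never a security boundary.
STRICT_EMAIL_RE = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$"
)
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")

# The two payloads from the text.
USERNAME_PAYLOAD = "<img src=x onerror=alert(1)>"
EMAIL_PAYLOAD = '"><svg/onload=confirm(1)>@x.y'


def accepted(field: str, value: str, strict: bool) -> bool:
    """Would the sign-up form accept this value? Compares a permissive and a strict validator."""
    if field == "email":
        return bool((STRICT_EMAIL_RE if strict else NAIVE_EMAIL_RE).match(value))
    if field == "username":
        return bool(USERNAME_RE.match(value)) if strict else len(value) <= 64
    raise ValueError(field)


def render_profile_vulnerable(username: str, email: str) -> str:
    """Interpolates raw values into HTML; the payloads become live markup."""
    return (f"<h1>Welcome {username}</h1>\n"
            f'<input name="email" value="{email}">')


def render_profile_hardened(username: str, email: str) -> str:
    """Context-appropriate output encoding. html.escape(quote=True) also encodes the double quote,
    which is what stops the email payload from closing the value="..." attribute."""
    return (f"<h1>Welcome {html.escape(username)}</h1>\n"
            f'<input name="email" value="{html.escape(email, quote=True)}">')


if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "naive", "accepts email payload:",
              accepted("email", EMAIL_PAYLOAD, strict))
    print(render_profile_vulnerable(USERNAME_PAYLOAD, EMAIL_PAYLOAD))
    print(render_profile_hardened(USERNAME_PAYLOAD, EMAIL_PAYLOAD))
```

When reviewing a real application, look for the hardened shape in every template and in any JavaScript that builds DOM from the stored values; a value that is escaped on the profile page but dropped raw into an admin table or a notification email is still exploitable.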

No Rate Limiting in Registration Page


Rate limiting is a critical control for preventing abuse of the sign-up page. A rate limiter counts
requests per client key (source IP address, session, or a combination such as IP plus target email)
over a time window and rejects requests once the count exceeds a threshold, typically with an HTTP
429 response. Testing for rate limits on the sign-up page is an excellent way to ensure the security
and performance of the application.
The impact of missing rate limiting on sign-up can be severe. Malicious users can script the creation
of hundreds or thousands of fake accounts, filling the application database with junk that has a
significant impact on the business (and, where sign-up sends a verification email, turning the
application into a mail-flooding tool).
To test for rate limits, you can use Burp Intruder by following these steps:

● Capture the sign-up request and send it to Intruder.
● Mark the email parameter as the payload position and load a list of distinct email addresses as
  payloads.
● Start the attack and check whether every request is accepted (a 200 OK or redirect and a created
  account) rather than being blocked after a few attempts (429 Too Many Requests, a CAPTCHA, or a
  block on the IP address).

Reference reports:

● https://hackerone.com/reports/905692
● https://hackerone.com/reports/97609
● https://hackerone.com/reports/262830
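The following is an added example, not code from the original document, of a sliding-window limiter applied to a sign-up handler. The `SlidingWindowLimiter` and `SignupEndpoint` classes, the limits (5 sign-ups per IP per minute, 2 attempts per email per hour) and the injectable clock are assumptions for the illustration; the clock exists so the window can be advanced deterministically without sleeping.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Hashable, Set, Tuple


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key (in-memory, single process).

    In production the counters live in a shared store such as Redis so every instance behind the
    load balancer sees the same counts; the algorithm itself does not change.
    """

    def __init__(self, limit: int, window: float, clock: Callable[[], float] = time.monotonic) -> None:
        self.limit, self.window, self.clock = limit, window, clock
        self._events: Dict[Hashable, Deque[float]] = defaultdict(deque)

    def allow(self, key: Hashable) -> bool:
        now = self.clock()
        q = self._events[key]
        while q and now - q[0] >= self.window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class SignupEndpoint:
    """Sign-up handler limited per source IP *and* per target email address.

    The per-IP key stops the straightforward Intruder run from the steps above; it does not stop
    a distributed attacker, which is why the per-email key (and, beyond this example, a CAPTCHA or
    email verification) is layered on top.
    """

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self.per_ip = SlidingWindowLimiter(limit=5, window=60.0, clock=clock)
        self.per_email = SlidingWindowLimiter(limit=2, window=3600.0, clock=clock)
        self.accounts: Set[str] = set()

    def handle(self, ip: str, email: str) -> Tuple[int, str]:
        """Returns (http_status, message)."""
        key = email.strip().lower()
        if not self.per_ip.allow(ip) or not self.per_email.allow(key):
            return 429, "Too Many Requests"
        # Same response whether or not the address is new, so the form is not an enumeration oracle.
        if key not in self.accounts:
            self.accounts.add(key)
        return 202, "Check your email to confirm your account"


if __name__ == "__main__":
    fake_now = [0.0]
    ep = SignupEndpoint(clock=lambda: fake_now[0])
    # Constructed burst of sign-ups from one address, like an Intruder run.
    print([ep.handle("203.0.113.7", f"user{i}@example.com")[0] for i in range(7)])  # five 202s, then 429s
    fake_now[0] = 61.0  # window has slid past the burst
    print(ep.handle("203.0.113.7", "user7@example.com")[0])  # 202
```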
