If self-registration is possible, attempt to register the same username
twice with different passwords.
■
If the application blocks the second registration attempt, you can exploit
this behavior to enumerate existing usernames even if this is not possible
on the main login page or elsewhere. Make multiple registration attempts
with a list of common usernames to identify the already registered names
that the application blocks.
■
If the registration of duplicate usernames succeeds, attempt to register
the same username twice with the same password, and determine the
application’s behavior:
■
If an error message results, you can exploit this behavior to carry out a
brute-force attack, even if this is not possible on the main login page.
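Added example (not from the book) illustrating the registration behaviour above from the defender's side: a handler that leaks account existence through a distinct error, a hardened handler that answers identically whether or not the name is taken and defers creation to out-of-band confirmation, and a log check that flags sources probing many distinct usernames. The user store, pending map and log lines are constructed for the example.

```python
import secrets
from collections import defaultdict

# Constructed in-memory user store standing in for the application's database.
_users = {"alice": "hash-of-alice-pw"}


def register_leaky(username, password):
    """Leaky handler: a distinct error reveals that the username exists."""
    if username in _users:
        return 409, "Username already taken"
    _users[username] = password
    return 201, "Account created"


def register_uniform(username, password, pending):
    """Hardened handler: identical response whether or not the name is taken.

    Creation is deferred until an out-of-band confirmation (e.g. an emailed
    token) completes, so a duplicate attempt neither errors nor overwrites.
    """
    token = secrets.token_urlsafe(16)
    if username not in _users:
        pending[token] = (username, password)
    # For an existing name a real deployment would notify the account owner.
    return 202, "Check your email to confirm your registration"


# Constructed log lines: "<source-ip> REGISTER <username> <http-status>".
SAMPLE_LOG = [
    "203.0.113.5 REGISTER admin 409",
    "203.0.113.5 REGISTER root 409",
    "203.0.113.5 REGISTER alice 409",
    "203.0.113.5 REGISTER bob 409",
    "203.0.113.5 REGISTER test 409",
    "203.0.113.5 REGISTER guest 409",
    "198.51.100.7 REGISTER dave 201",
    "198.51.100.7 REGISTER dave 409",
]


def enumeration_suspects(log_lines, threshold=5):
    """Return sources whose rejected registrations cover >= threshold distinct names."""
    rejected = defaultdict(set)
    for line in log_lines:
        src, action, user, status = line.split()
        if action == "REGISTER" and status == "409":
            rejected[src].add(user)
    return sorted(src for src, names in rejected.items() if len(names) >= threshold)
```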