How I bypassed the registration validation and logged-in with the company email
2023-5-10 02:38:16 Author: infosecwriteups.com (view original) Reads: 32

Khaledyassen

InfoSec Write-ups

Hello everyone, I hope all is okay with you.

Many websites feature sign-up pages that are meant to be accessible only to employees, but sometimes you can bypass this restriction and log in as an anonymous user. In this article, I'll discuss different techniques that may be useful to you, along with a real-life scenario.

I began with wur.nl, a public program for Wageningen University, after gathering subdomains and taking screenshots with the Aquatone tool.

I discovered a target that I was interested in, so let’s go to work on it.

Usually, when I begin working on a target, the first thing I do is sign up for a fake account and browse the target to understand its functionality so I can work on it.

Unfortunately, registration was only allowed with a WUR email address.

1] If you register with an email on the target's domain, an activation code might not be sent; try doing the following:

[email protected]

2] Response manipulation during the registration process

Response manipulation: a technique used to make the target display UI elements it shouldn't. It can be used to find new endpoints and buttons, and also to trigger new requests. Sometimes you can also bypass password restrictions or OTPs.

For example, if I find something like status:false, I change it to status:true, and so on.

3] Parameter pollution technique. Try doing the following:

a] Adding parameters with the same key:value pair, like

[email protected]&[email protected]

b] Adding parameters with incremental key:value pairs, like

[email protected]&[email protected]

4] Sometimes a list of values for the email parameter can be submitted to bypass the check, like this:

email=['[email protected]', '[email protected]']

HTTP Parameter Pollution (HPP) is a web attack evasion technique that allows an attacker to craft an HTTP request in order to manipulate or retrieve hidden information. You can try this technique in many places, such as password change, 2FA, comments, profile photo upload, a parameter where an API key is passed, OTP, etc.

When you manipulate a parameter, the effect depends on how each web technology parses its parameters (for example, whether the first or the last duplicate value wins). For further details about parsing, see: https://book.hacktricks.xyz/pentesting-web/parameter-pollution.

5] Playing with the value itself. Sometimes developers write code with a weak regex that can be bypassed in a variety of ways, like the following.

Regex: a sequence of characters that specifies a search pattern in text. Such patterns are usually used by string-searching algorithms for "find" or "find and replace" operations on strings, or for input validation, for example email validation. For further details about regex, see: https://regexr.com/

[email protected]@attacker.com

OR

[email protected]@target.com

Other techniques:

[email protected]

OR

[email protected]
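As an added example (not from the original post), the Python below sketches the kind of unanchored domain check that the double-@, list-literal and duplicate-parameter payloads above defeat, next to a hardened version that rejects them; target.com, attacker.com and the function names are constructed placeholders.

```python
import re
from typing import Optional
from urllib.parse import parse_qs

# Constructed placeholder for the company domain the sign-up is restricted to.
COMPANY_DOMAIN = "target.com"

# Weak validator: unanchored, so "@target.com" only has to appear somewhere
# in the string. "a@target.com@attacker.com" and "x@target.com.attacker.com" pass.
WEAK_RE = re.compile(r"@target\.com")

def weak_is_company_email(email: str) -> bool:
    return WEAK_RE.search(email) is not None

# Hardened validator: exactly one '@', a restricted local part, and an exact,
# case-insensitive comparison of the *whole* domain.
LOCAL_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}$")

def strict_is_company_email(email: str) -> bool:
    email = email.strip()
    if email.count("@") != 1:
        return False
    local, domain = email.split("@")
    return bool(LOCAL_RE.fullmatch(local)) and domain.lower() == COMPANY_DOMAIN

def weak_register(query: str) -> Optional[str]:
    """Weak backend (HPP-prone): validates the first 'email' value but
    provisions the account with the last one the parser kept."""
    values = parse_qs(query).get("email", [])
    if not values or not weak_is_company_email(values[0]):
        return None
    return values[-1]

def strict_register(query: str) -> Optional[str]:
    """Hardened backend: exactly one 'email' value, strictly validated, and
    that same value is the one used for provisioning."""
    values = parse_qs(query).get("email", [])
    if len(values) != 1 or not strict_is_company_email(values[0]):
        return None
    return values[0].strip()

if __name__ == "__main__":
    # Constructed payloads mirroring the techniques in the post.
    for e in ["employee@target.com", "employee@target.com@attacker.com",
              "attacker@attacker.com@target.com", "x@target.com.attacker.com",
              "['employee@target.com', 'a@attacker.com']"]:
        print(f"{e!r}: weak={weak_is_company_email(e)} strict={strict_is_company_email(e)}")
    hpp = "email=employee%40target.com&email=attacker%40attacker.com"
    print("weak HPP:", weak_register(hpp), "| strict HPP:", strict_register(hpp))
```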

## I started with this

[email protected]

It worked, and I was able to log in :)

After logging in, I saw that I needed to activate my account in order to use all the features. The website offers a button to do this, so I used a Burp Collaborator payload as the email address to check whether I would receive an interaction, which is why I'm covering this as part of the registration process.

[email protected]

And I got this


Article source: https://infosecwriteups.com/how-i-bypassed-the-registration-validation-and-logged-in-with-the-company-email-14eb12c45fb5?source=rss----7b722bfd1b8d--bug_bounty