Logical vulnerability - arbitrary account registration
2022-07-26 21:36:00 【jjj34】
1. E-mail address / mobile number not verified
Scenario: to save users from having to remember a separate user name and password, many applications allow the e-mail address or mobile number to serve as the user name.
Therefore many applications require one of them at registration. Normally the application sends an activation message, and the user can only log in after acting on it.
However, developers sometimes do not check whether the e-mail address / mobile number is valid or actually belongs to the registrant, so this defect can be used to register arbitrary accounts.
After filling in an e-mail address, no activation message arrives in the mailbox, yet the address can be used directly to log in.

If the mailbox has already been registered by someone else, the address now has two passwords, and both of them can log in.
2. Bulk registration
Script-driven bulk registration causes an application-layer DoS on the server and disrupts normal use of the site. It is usually possible because the registration page has no captcha, or the captcha is insecure, so a script can be written to register accounts in bulk.
Case study: capture the registration request with Burp Suite (bp), then brute-force the user name field.
Because there is no captcha, or the captcha can be bypassed (it is too simple), the request is sent straight to the Intruder module and brute-forced, which registers accounts in batches.
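The defensive counterpart of the case above is to notice the burst in the server logs. The following is an added example, not code from the original post: it runs a sliding-window count of successful `POST /register` requests per client IP over a constructed log sample and flags every IP that exceeds an assumed threshold (5 registrations in 60 s), which is the kind of signal that should feed rate limiting or a captcha challenge.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of web-server log lines (not from the original post):
# timestamp, client IP, method, path, status.
SAMPLE_LOG = """\
2022-07-26T21:36:00 203.0.113.5 POST /register 200
2022-07-26T21:36:01 203.0.113.5 POST /register 200
2022-07-26T21:36:01 203.0.113.5 POST /register 200
2022-07-26T21:36:02 203.0.113.5 POST /register 200
2022-07-26T21:36:02 203.0.113.5 POST /register 200
2022-07-26T21:36:03 203.0.113.5 POST /register 200
2022-07-26T21:36:10 198.51.100.7 POST /register 200
2022-07-26T21:38:40 198.51.100.7 POST /register 200
2022-07-26T21:40:00 198.51.100.7 GET /login 200
"""

def parse_line(line):
    """Split one log line into (datetime, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)

def find_bulk_registrations(log_text, limit=5, window_seconds=60):
    """Return {ip: timestamp_when_first_exceeded} for every client IP that
    completed more than `limit` successful POST /register requests inside a
    sliding window of `window_seconds`. Thresholds are assumed values."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of registrations in window
    flagged = {}
    for raw in log_text.splitlines():
        ts, ip, method, path, status = parse_line(raw)
        if not (method == "POST" and path == "/register" and status == 200):
            continue
        q = recent[ip]
        q.append(ts)
        # Evict registrations that fell out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_bulk_registrations(SAMPLE_LOG).items():
        print(f"bulk registration from {ip}, threshold exceeded at {when}")
```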

3. Personal information forgery
If registration asks for ID-card information, an arbitrary ID number and name can be constructed to pass the check.
The website itself has no means to verify whether the ID card is genuine, so simply forging an ID that shows an age above 18 bypasses the anti-addiction (minor protection) system.

4. Bypassing front-end handling of server-side audit results
Fill in arbitrary registration information. The server audits it (for example, checking for malicious tags) and returns a status, and the front end decides what to do based on that status. Once the returned value is edited, the check is bypassed.
Steps:
1. Use a normal account to change the password, obtain a verification code, then submit an arbitrary verification code.
2. Capture the response with Burp Suite (bp). The server returns information such as "verification code error", but this can be replaced with the response of a correct attempt (premise: we have already changed the password normally once).
The specific test method is the same as for front-end verification of verification codes and is not detailed further here.
5. Bypassing e-mail / mobile-number registration activation
To prevent malicious users from registering accounts arbitrarily, most websites verify the authenticity of the e-mail address / mobile number entered at registration. Sometimes, however, the verification code is present in the returned response and merely not displayed on the front end; or the mobile number / mailbox can be changed by capturing the packet, forging this information and hijacking the verification message.
Take a returned verification message as an example: the vulnerability is that when the verification message is sent, the same information is also placed in the response and hidden on the front end with a hidden attribute, so it can be read directly from the page source.

6. User name overwrite
In penetration tests the following situation occurs: the database already contains a user named a, and a new user registers an account that is also named a. The developer did not warn about the duplicate user name and instead inserted the data directly into the database, so the old user's record is overwritten.
Logging in then shows the other user's information stored under the same name in the database, leaking that user's data. Alternatively, when the user name is checked for existence, the value taken from the front end differs from the value compared in the database, yet the same portion is written on insert.

As pictured, the admin user has two passwords, which may lead to the admin account being taken over.
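Sections 1, 5 and 6 share one root cause: the server trusts the client or the insert instead of its own state. The following added example (not code from the original post) shows a registration flow that fixes all three at once: the activation token is generated and stored (hashed) only server-side and leaves only through the mail gateway, so the response cannot leak it; login is refused until activation; and UNIQUE constraints make the database reject a duplicate user name or e-mail instead of overwriting the existing row. `OUTBOX` is a constructed stand-in for sending e-mail.

```python
import hashlib, hmac, secrets, sqlite3

OUTBOX = []  # constructed stand-in for the mail gateway: (email, token) pairs

def open_db():
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY / UNIQUE make the database refuse a duplicate username or
    # e-mail instead of silently replacing the existing user (section 6).
    db.execute("""CREATE TABLE users(
        username TEXT PRIMARY KEY, email TEXT UNIQUE NOT NULL,
        salt BLOB, pw_hash BLOB, token_hash BLOB, activated INTEGER DEFAULT 0)""")
    return db

def _hash(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def register(db, username, email, password):
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)          # generated server-side only
    try:
        db.execute("INSERT INTO users VALUES (?,?,?,?,?,0)",
                   (username, email, salt, _hash(password, salt), _hash(token, salt)))
    except sqlite3.IntegrityError:             # duplicate username or e-mail
        return {"status": "error", "reason": "username or e-mail already registered"}
    OUTBOX.append((email, token))              # the token leaves only via e-mail
    return {"status": "pending"}               # the response never carries it (section 5)

def activate(db, email, token):
    row = db.execute("SELECT salt, token_hash FROM users WHERE email=?", (email,)).fetchone()
    if row and row[1] is not None and hmac.compare_digest(_hash(token, row[0]), row[1]):
        db.execute("UPDATE users SET activated=1, token_hash=NULL WHERE email=?", (email,))
        return True
    return False

def login(db, email, password):
    row = db.execute("SELECT salt, pw_hash, activated FROM users WHERE email=?", (email,)).fetchone()
    if not row or not row[2]:                  # unknown or never activated (section 1)
        return False
    return hmac.compare_digest(_hash(password, row[0]), row[1])

if __name__ == "__main__":
    db = open_db()
    print(register(db, "admin", "admin@example.com", "first-password"))
    print(register(db, "admin", "other@example.com", "second-password"))  # rejected
    print(login(db, "admin@example.com", "first-password"))               # False until activated
    print(activate(db, *OUTBOX[-1]), login(db, "admin@example.com", "first-password"))
```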