



User name is already exist

Peace be upon you all, and the mercy and blessings of God.

In this short write-up, we will discuss a bug that allowed me to bypass the weakly implemented captcha mechanism in the registration form.

In the sign-up form we enter a username, email and password and solve the captcha. There are 2 major problems:

1- The captcha was only 3 characters long and alphabetic only: no numbers, no special characters.

2- Once a user signs up, and before confirming the email with the link, the user is registered in the DB forever.

So what I did was use crunch to calculate all possible permutations of 3 alphabetic characters, which comes to nearly 17500 possibilities, and send them to Intruder.

What if we tried to register every possible username? We have only about 17500 possibilities to get through to bypass the captcha, and hence we can block any future user from registering with the site: “user name already exist”.

Steps:

1- Go to the sign-up page, enter dummy data and send the request to the Burp Intruder tab

2- With crunch, generate strings with a minimum and maximum length of 3 characters, using all alphabetic characters

3- Specify the captcha parameter in Intruder and paste the crunch output into the payloads section

4- Hit “start attack” and watch the server’s response length

Once it changes, we have hit the right captcha and the username is created successfully.

And that’s it.

Thank you for reading! Hope you enjoyed it…
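Both flaws described above can be closed on the server side. The sketch below is an added example, not code from the original post or from the affected site. It assumes a 6-character captcha over A-Z and 0-9, a 24-hour e-mail confirmation window, and hypothetical names (`Registration`, `sign_up`, `confirm_email`).

```python
import secrets, string, time

ALPHABET = string.ascii_uppercase + string.digits  # assumed: 36 symbols
CAPTCHA_LEN = 6                                     # assumed captcha length
PENDING_TTL = 24 * 3600                             # assumed: unconfirmed sign-ups live 24 h

def keyspace(symbols: int, length: int) -> int:
    """Number of candidate answers a guesser has to cover."""
    return symbols ** length

class Registration:
    def __init__(self, now=time.time):
        self.now = now
        self.challenges = {}    # session id -> expected captcha answer
        self.pending = {}       # username -> expiry time (e-mail not yet confirmed)
        self.confirmed = set()  # usernames whose e-mail link was followed

    def new_challenge(self, session_id: str) -> str:
        answer = "".join(secrets.choice(ALPHABET) for _ in range(CAPTCHA_LEN))
        self.challenges[session_id] = answer
        return answer  # rendered as an image in practice, never sent as text

    def username_taken(self, username: str) -> bool:
        expiry = self.pending.get(username)
        if expiry is not None and expiry <= self.now():
            del self.pending[username]  # lapsed reservation frees the name
        return username in self.confirmed or username in self.pending

    def sign_up(self, session_id: str, username: str, captcha: str) -> str:
        # pop() makes each challenge single-use: one guess, right or wrong,
        # so a fixed answer cannot be enumerated against the same challenge.
        expected = self.challenges.pop(session_id, None)
        if expected is None or not secrets.compare_digest(
                expected.encode(), captcha.upper().encode()):
            return "captcha_failed"
        if self.username_taken(username):
            return "username_taken"
        self.pending[username] = self.now() + PENDING_TTL
        return "pending_confirmation"

    def confirm_email(self, username: str) -> bool:
        if username in self.confirmed or not self.username_taken(username):
            return False
        del self.pending[username]
        self.confirmed.add(username)
        return True
```

`keyspace(26, 3)` gives the 17576 candidates of the captcha described in the post, against `keyspace(36, 6)` for the assumed replacement. The single-use challenge and the expiring reservation are what remove the two problems; the larger keyspace alone only raises the cost.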
