I was testing the authentication of a private documentation web application where you can create digital documentation and a knowledge base for your organisation.
It was not a mature application. I will not be exposing this website; I will call it target.com.
FYI: no screenshots are provided.
Only app.target.com was in scope, so I did some enumeration on the domain:
- Nmap scan
- Directory fuzzing
- Web archives
- Google dorks
I did not get anything, so I got bored and decided to analyse the rest tomorrow.
I was testing the authentication flow of the application. I created an account:
- Enter email ID and other details
- Submit
- You will get a confirmation link at the email address
- Click on the link and it will redirect to app.target.com
I proxied every request via Burp and looked at the POST requests, specifically the one that carries the email ID and other details when creating an account.
I sent the request to Repeater and just changed the email ID to another temporary email address.
So do you know what happened?
I will tell you: I was able to create an account with that email ID, and the email verification was bypassed.
Simple right?
The email verification was not implemented on the server side. The verification I faced was only implemented on the client side. I was able to bypass it using Burp: simply resending the request from Repeater allowed me to create an account with whatever email I chose, without any verification. I also created an account with administrator@target.com 😄
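To show what the fix looks like, here is an added example (not code from the application or from this post) of a server-side registration flow: the handler ignores any client-supplied "verified" value, every new account starts unverified with a random one-time token that would be emailed to the address, and login is gated on the server-held flag. Names such as register, verify, login and the in-memory USERS store are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed in-memory store standing in for the application's database.
@dataclass
class User:
    email: str
    verified: bool = False
    token_hash: str = ""  # only a hash of the one-time token is stored

USERS: dict = {}

def _hash_token(token: str) -> str:
    # Hashing the token means a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def register(body: dict) -> str:
    """Handle the replayed POST body. A client-supplied 'verified' field is
    deliberately ignored; the account always starts unverified. Returns the
    raw token that would be placed in the confirmation email so the flow can
    be exercised without a mail server."""
    email = body["email"].strip().lower()
    if email in USERS:
        raise ValueError("account already exists")
    token = secrets.token_urlsafe(32)
    USERS[email] = User(email=email, token_hash=_hash_token(token))
    return token

def verify(email: str, token: str) -> bool:
    """Called when the confirmation link is opened. Only a matching token
    for that address flips the server-side flag, and only once."""
    user = USERS.get(email.strip().lower())
    if user is None or user.verified:
        return False
    if not hmac.compare_digest(user.token_hash, _hash_token(token)):
        return False
    user.verified = True
    user.token_hash = ""  # token is single use
    return True

def login(email: str) -> bool:
    """Every protected action consults the server-held flag, never a claim
    made in the request."""
    user = USERS.get(email.strip().lower())
    return user is not None and user.verified
```

Replaying the create-account request with a different address now yields only a pending account that cannot log in until the mailbox owner opens the link.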
- Junk users — an attacker is able to create many users and fill the database with junk, or use those accounts for malicious purposes.
- Impersonation — an attacker can create an account with another person's email address and impersonate them (useful in social engineering cases).