Name: Repetitive Registration
Description: Follow the DRY principle while registering a user.
Difficulty: 1 star
Category: Improper Input Validation
Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html
Burp Suite, FoxyProxy
A quick Google search revealed that the “DRY Principle” means Don’t repeat yourself. So while registering a new user, I shouldn’t repeat myself. But I repeat myself…
In that case, let’s create a new user.
Now, let’s take a look at what’s being sent to the server by opening Burp and setting up FoxyProxy.
Let’s see what happens when we modify the contents of the password repeat field to “literally_nothing” and submit it.
Prevention and mitigation strategies:
If your client-side forms validate that the passwords match, there isn’t really a reason to send both pieces of data to the server. It’s not useful for anything and just adds to your attack surface.
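As an added example (not Juice Shop’s own code), here is the difference between a registration handler that trusts the browser’s “repeat password” check and one that only consumes the fields it actually uses; the request body shape { email, password, passwordRepeat } and the 8-character minimum are assumptions.

```javascript
// Added example (not Juice Shop's own code). Two registration handlers:
// one that trusts the browser's "repeat password" check, one that does not.
// The request body shape { email, password, passwordRepeat } is an assumption.

// Weak: the form compared the two passwords, so the server just stores what
// arrives. A request edited in a proxy (passwordRepeat: "literally_nothing")
// still registers the account.
function registerWeak(body) {
  return { status: 201, user: { email: body.email, password: body.password } };
}

// Hardened: the server only accepts the fields it uses and validates them
// itself. passwordRepeat is never needed server-side, so it is rejected like
// any other unexpected field instead of being silently ignored.
const ALLOWED_FIELDS = ['email', 'password'];

function registerHardened(body) {
  if (typeof body !== 'object' || body === null) {
    return { status: 400, error: 'invalid body' };
  }
  const unexpected = Object.keys(body).filter((k) => !ALLOWED_FIELDS.includes(k));
  if (unexpected.length > 0) {
    // Anything the API does not consume is attack surface; refuse it outright.
    return { status: 400, error: `unexpected fields: ${unexpected.join(', ')}` };
  }
  const { email, password } = body;
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    return { status: 400, error: 'invalid email' };
  }
  if (typeof password !== 'string' || password.length < 8) {
    return { status: 400, error: 'password must be at least 8 characters' };
  }
  // Password hashing before storage is omitted here for brevity.
  return { status: 201, user: { email, password } };
}

// Constructed sample requests: a normal registration and the tampered one.
const normal = { email: 'alice@example.com', password: 'correct horse' };
const tampered = { ...normal, passwordRepeat: 'literally_nothing' };
```

If an API does keep accepting passwordRepeat, it must compare it to password on the server; a mismatch arriving there is a sign the client-side check was bypassed and is worth logging.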
Lessons Learned and Things Worth Mentioning:
- Not every piece of data needs to be sent to the server, especially if it’s not used for anything once it gets there.
- Dad jokes. I has them.