Top registration bug thread 🧵:👇 Here is how to find an account takeover: 1) Duplicate registration: overwrite an existing user by using specific keywords; it even works with extra characters, e.g. {"email":["[email protected]","[email protected]"]}, %20, %00 #BugBounty #BugBountytips #infosec #BUGS
2) DoS in the name/password fields of the sign-up page using multiple hard and long strings 3) XSS in the username, email and phone number fields: ["');alert('XSS');//"]@xyz.xxx ; +441134960000;phone-context=<script>alert(0)</script>
4) No rate limit on the signup form: submit 1000 different email ids and mass-dump email ids, or use emailid+$$@victime.com to bombard the victim's inbox with reset-password links, which makes the server create a unique string every time and leads to a DDoS of the server
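As an added defensive example (not code from the thread), this is the server-side check that closes the duplicate-registration trick in item 1: the submitted email must be a single string, free of NUL/control characters and whitespace (the decoded %00 and %20 variants), and uniqueness is enforced on its canonical lowercase form so an existing account can never be overwritten. The `EXISTING_USERS` set and the email regex are constructed for the example.

```python
import re
import unicodedata

# Constructed sample "database" of existing accounts, stored in canonical (lowercase) form.
EXISTING_USERS = {"alice@example.com"}

# Conservative email shape: one ASCII local part, one '@', one dotted domain.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def canonical_email(value):
    """Return the canonical form of a submitted email, or None if it is unacceptable.

    Rejects non-string values (such as a JSON array holding two addresses),
    NUL and other control characters, and any leading, trailing or embedded
    whitespace, then lowercases. Uniqueness is checked against this form, so
    'Alice@Example.com ' and 'alice@example.com' resolve to the same account.
    """
    if not isinstance(value, str):
        return None  # an array, number or object is never a valid email
    value = unicodedata.normalize("NFKC", value)  # fold look-alike/fullwidth forms
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return None  # decoded %00 and friends
    if any(c.isspace() for c in value):
        return None  # decoded %20 and other whitespace tricks
    if not EMAIL_RE.fullmatch(value):
        return None
    return value.lower()


def register(body, existing_users=EXISTING_USERS):
    """Validate a parsed registration body (a dict) and return (ok, detail).

    On success the canonical email is added to the user store and returned;
    an already-registered email is refused rather than updated.
    """
    email = canonical_email(body.get("email"))
    if email is None:
        return False, "invalid email"
    if email in existing_users:
        return False, "email already registered"  # never overwrite an existing account
    existing_users.add(email)
    return True, email
```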