FirstBlood-#50Account takeover via re-register with the same username
This issue was discovered on FirstBlood v1

On 2021-05-09, parisk Level 4 reported:

hi i found an account takeover via re-register with the same username on your flatform

  • step to reproduce
  1. create an account with the invite code: F16CA47250E445888824A9E63AE445CE. after that save your username and password. then login to account to check that it worked

  2. re-register with the same username in the step 1 and the invite code. then save username and password again. you can see that the account in the step 1 didn't work anymore and the account in this step working

*impact if by someways, attacker can obtain victim username, then he can take over victim account forever

  • the invite code is in the internet so it do not hard to leak

  • remediation -do not allow re-register if the username existed on the system

P2 High

Endpoint: register.php

Parameter: none

Payload: none

FirstBlood ID: 17
Vulnerability Type: Auth issues

Unintended: An account with the same username can be created which leads to the original account being deleted and replaced with the attackers

Report Feedback


Creator & Administrator

Nice find, I actually did add some code to prevent this but it seems it didn't work correctly , so i've added it as an unintended and i'm awarding you a bounty :)