-=[ Registration Attacks : Rogue Anatomy ]=-
============================================

Triosec, SecNiche Security

Registration attacks are on the rise nowadays. They consist of deliberate manipulation of a database through fake user registrations: the database is flooded with users through poorly coded registration pages. You have probably seen many registration pages with input arguments such as username, password, email, address, etc. These arguments are placed as controls on the web page.

Attackers are very crafty in their approach to infecting web applications, and coders unintentionally help them accomplish these types of attacks. The point is that 80% of code uses the same IDs for these controls. Why does this matter? Let's see how it helps the attack. The attacker knows that most of the time the username control ID will be txtUser or txtUserName, and likewise the password control ID will be txtPass or txtPassword. The IDs can also be obtained by looking at the page source, so it is very hard to prevent disclosure of ID information through web applications. One way or another, the attacker finds a trick to extract that information. The attacker only needs the IDs of the fields that are required: the registration process usually insists on certain parameters, and the others can be left blank.

The flooding is possible as follows:

1. The attacker simulates the registration page through a well-designed application in which the web application page is loaded into a browser control when the application's form loads. The page can be fetched as:

    String url = "http://Target_URL/Registration.aspx";
    Object o = null;
    // fetch the page into the web browser control
    WebBrowser1.Navigate(url, ref o, ref o, ref o, ref o);

2. The attack is carried out in a loop in which a random user is generated with correspondingly random parameters, and the form is filled in and submitted after a certain time interval. The web page is simulated through:

    mshtml.HTMLDocument obj;
    while (TRUE) {
        Try {
            Generate Random Values through GUID
        } Catch {
            Failed!
        }
    }

So within a short span of time the website's database is filled with fake registered users. This makes the website prone to the fake registration attack.

=======
0kn0ck
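
A server-side gate against the flooding loop described above, as an added example that is not part of the original advisory: every rendered form carries a signed single-use token, and a submission is rejected when the token is forged or replayed, the form came back implausibly fast, a hidden honeypot field is filled, or one client exceeds a registration quota. The field names form_token and website, the thresholds and the client identifier are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)   # per-deployment signing key (assumption)
MIN_FILL_SECONDS = 3               # a person needs time to type (assumed value)
TOKEN_TTL_SECONDS = 900            # a rendered form expires (assumed value)
MAX_PER_WINDOW = 3                 # accepted registrations per client per window
WINDOW_SECONDS = 3600
_recent = defaultdict(deque)       # client id -> timestamps of accepted sign-ups
_used_nonces = set()               # in-memory here; expire entries in production


def _sign(msg):
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()


def issue_form_token(now):
    """Value for a hidden field, generated each time the page is rendered."""
    msg = f"{secrets.token_hex(8)}:{int(now)}"
    return f"{msg}:{_sign(msg)}"


def check_registration(form, client, now):
    """Return (accepted, reason) for one submitted registration form."""
    try:
        nonce, issued, mac = form.get("form_token", "").split(":")
        issued = int(issued)
    except ValueError:
        return False, "missing or malformed token"
    if not hmac.compare_digest(mac.encode(), _sign(f"{nonce}:{issued}").encode()):
        return False, "bad token signature"
    if nonce in _used_nonces:
        return False, "token replayed"
    age = now - issued
    if age < MIN_FILL_SECONDS or age > TOKEN_TTL_SECONDS:
        return False, "implausible fill time"
    if form.get("website", ""):    # honeypot field, hidden from people by CSS
        return False, "honeypot filled"
    window = _recent[client]
    while window and now - window[0] > WINDOW_SECONDS:
        window.popleft()           # forget sign-ups older than the window
    if len(window) >= MAX_PER_WINDOW:
        return False, "rate limit"
    _used_nonces.add(nonce)
    window.append(now)
    return True, "ok"
```

A tool that loads the real page in a browser control receives a valid token, so the per-client quota and single-use nonce are what bound its loop; the token and honeypot checks stop submissions that skip the page or fill every field blindly.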