> For the complete documentation index, see [llms.txt](https://gowsundar.gitbook.io/book-of-bugbounty-tips/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gowsundar.gitbook.io/book-of-bugbounty-tips/password-reset.md).

# Password Reset

* <https://twitter.com/HusseiN98D/status/1254888748216655872>
* <https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html>

![](/files/-M8knTK0QuqyG_Y4twx-)

* I was testing for ATO via reset function . Tried all method but no success. My friend[@Tabnexa](https://twitter.com/Tabnexa) gave me tip to add double Host in request while requesting password Host: [http://site.com](https://t.co/dvXCaGaJhC?amp=1) Host: [http://evilsite.com](https://t.co/Z4ZW3Omfmw?amp=1) Boom it worked
* Password reset poisoning -&#x20;

![https://twitter.com/fatrat\_v2/status/1274387798338891776?s=20](/files/-MT4ImCD01bbGGeGr78_)
