https://twitter.com/HusseiN98D/status/1254888748216655872
https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html
I was testing for ATO via reset function. Tried all methods but no success. My friend @Tabnexa gave me a tip to add a double Host in the request while requesting password: Host: http://site.com Host: http://evilsite.com Boom, it worked.
Password reset poisoning -
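A defensive sketch of the server side of the double-Host behaviour described in the tweet above, added here and not taken from the linked posts: it refuses a reset request that carries more than one Host header and builds the reset link from a configured origin instead of from the request. The `/forgot` and `/reset` paths, the allowlist and all function names are assumptions made for the example.

```python
from urllib.parse import urlencode

# Assumed configuration for this sketch: the origin used in e-mailed links and
# the accepted Host values come from server config, never from the request.
CANONICAL_ORIGIN = "https://site.com"
ALLOWED_HOSTS = {"site.com", "www.site.com"}


class BadHost(Exception):
    """Raised when the Host header of a request cannot be trusted."""


def parse_headers(raw_request: bytes) -> list:
    """Return (name, value) pairs in wire order, keeping duplicates."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def validated_host(headers: list) -> str:
    """Accept exactly one Host header, and only an allowlisted value."""
    hosts = [value for name, value in headers if name == "host"]
    if len(hosts) != 1:
        raise BadHost(f"expected one Host header, got {len(hosts)}")
    host = hosts[0].lower()
    if host not in ALLOWED_HOSTS:
        raise BadHost(f"Host {host!r} is not allowlisted")
    return host


def build_reset_link(raw_request: bytes, token: str) -> str:
    """Validate the request, then build the link from configuration only."""
    validated_host(parse_headers(raw_request))
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


# Constructed sample requests (not captured traffic).
NORMAL = b"POST /forgot HTTP/1.1\r\nHost: site.com\r\n\r\nemail=a%40site.com"
DOUBLE = (b"POST /forgot HTTP/1.1\r\nHost: site.com\r\n"
          b"Host: evilsite.com\r\n\r\nemail=a%40site.com")
```

The same single-Host check belongs on any reverse proxy in front of the application, since the proxy and the framework may each pick a different one of the two headers.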