# Password Reset

* <https://twitter.com/HusseiN98D/status/1254888748216655872>
* <https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html>

![](https://1889062997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LbWrDBBrbM1WtGeIKRO%2F-M8WWs5JSzEL1s0lZObW%2F-M8knTK0QuqyG_Y4twx-%2Fimage.png?alt=media\&token=7b5198b4-0e95-471b-88ae-0f69a8150e64)

* I was testing for ATO via reset function. Tried all methods but no success. My friend [@Tabnexa](https://twitter.com/Tabnexa) gave me a tip to add a double Host in the request while requesting password: Host: [http://site.com](https://t.co/dvXCaGaJhC?amp=1) Host: [http://evilsite.com](https://t.co/Z4ZW3Omfmw?amp=1) Boom, it worked
* Password reset poisoning:

![https://twitter.com/fatrat\_v2/status/1274387798338891776?s=20](https://1889062997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LbWrDBBrbM1WtGeIKRO%2F-MT4CP9hnP-3eVcDB7uu%2F-MT4ImCD01bbGGeGr78_%2Fimage.png?alt=media\&token=e34643d0-80e4-4dac-a441-789c86e11c5e)
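
A server-side check for the double-Host case in the note above, as an added example (not code from the original page or the linked tweets): a reset-link builder that trusts the request's Host header, next to one that rejects duplicate or unlisted Host values and builds the link from configuration. `CANONICAL_BASE`, `ALLOWED_HOSTS`, the `/reset` path and the sample requests are assumptions.

```python
from urllib.parse import urlencode

# Assumed deployment values (hypothetical, not from the original page).
CANONICAL_BASE = "https://site.com"
ALLOWED_HOSTS = {"site.com"}


def host_headers(raw_request: bytes) -> list[str]:
    """Return every Host header value in a raw HTTP/1.1 request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip().lower())
    return values


def vulnerable_reset_link(raw_request: bytes, token: str) -> str:
    """Before: trusts the last Host header seen, as some stacks do."""
    host = host_headers(raw_request)[-1]
    return f"https://{host}/reset?" + urlencode({"token": token})


def check_host(raw_request: bytes) -> str:
    """Reject missing, duplicate, or unexpected Host headers."""
    hosts = host_headers(raw_request)
    if len(hosts) != 1:
        raise ValueError(f"expected exactly one Host header, got {len(hosts)}")
    if hosts[0] not in ALLOWED_HOSTS:
        raise ValueError(f"Host {hosts[0]!r} not in allowlist")
    return hosts[0]


def hardened_reset_link(raw_request: bytes, token: str) -> str:
    """After: validate Host, then build the link from configuration only."""
    check_host(raw_request)
    return f"{CANONICAL_BASE}/reset?" + urlencode({"token": token})


# Constructed sample requests mirroring the double-Host case in the note above.
DOUBLE_HOST = (b"POST /forgot HTTP/1.1\r\nHost: site.com\r\n"
               b"Host: evilsite.com\r\nContent-Length: 0\r\n\r\n")
SINGLE_HOST = b"POST /forgot HTTP/1.1\r\nHost: site.com\r\nContent-Length: 0\r\n\r\n"
```

Logging the `ValueError` from `check_host` with the client address gives a detection signal for requests that carry more than one Host header.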
