Password Reset

• https://twitter.com/HusseiN98D/status/1254888748216655872

• https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html

• I was testing for ATO via reset function . Tried all method but no success. My friend@Tabnexa gave me tip to add double Host in request while requesting password Host: http://site.com Host: http://evilsite.com Boom it worked

• Password reset poisoning -

https://twitter.com/fatrat_v2/status/1274387798338891776?s=20