Book of BugBounty Tips

Powered by GitBook

On this page

Password Reset

PreviousMobile NextWeb Cache

Last updated 3 years ago

https://twitter.com/HusseiN98D/status/1254888748216655872
https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html

I was testing for ATO via reset function . Tried all method but no success. My friend@Tabnexa gave me tip to add double Host in request while requesting password Host: http://site.com Host: http://evilsite.com Boom it worked
Password reset poisoning -