Password Reset

​https://twitter.com/HusseiN98D/status/1254888748216655872​
​https://imranparay.blogspot.com/2018/09/testing-password-reset-functionalities.html​
I was testing for ATO via reset function . Tried all method but no success. My friend@Tabnexa gave me tip to add double Host in request while requesting password Host: http://site.com Host: http://evilsite.com Boom it worked
Password reset poisoning - 
https://twitter.com/fatrat_v2/status/1274387798338891776?s=20
Mobile
Web Cache
Last modified 2yr ago