Targeting websites with Password Reset Poisoning


What is Password Reset Poisoning?

Most web application security vulnerabilities leverage user input in ways that were not initially intended by the developers. Password Reset Poisoning is one such vulnerability: it leverages headers that are commonly overlooked, such as the Host header seen in an HTTP request:

    GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1
    Host: evilhost.com

Notice the difference where we specify the host …
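As an added illustration (not code from the original post), the Python sketch below contrasts a reset link built from the request's Host header with one built from a configured origin after an allowlist check. The emailed link format, the `token` parameter, the function names and the allowlist are assumptions made for the example.

```python
from urllib.parse import urlencode

# Assumed deployment settings (not from the original post): the single origin
# that reset links may point to, and the hostnames this site answers for.
CANONICAL_ORIGIN = "https://example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def reset_link_from_host_header(headers: dict, token: str) -> str:
    """Vulnerable pattern: the emailed link's host is whatever the client sent."""
    host = headers.get("Host", "")
    return f"https://{host}/reset.php?{urlencode({'token': token})}"


def host_is_allowed(headers: dict) -> bool:
    """Exact-match the Host header (optional numeric port removed) against the allowlist."""
    host = headers.get("Host", "").strip().lower()
    hostname, sep, port = host.partition(":")
    if sep and not port.isdigit():
        return False
    return hostname in ALLOWED_HOSTS


def reset_link_from_config(headers: dict, token: str) -> str:
    """Hardened pattern: reject unexpected hosts and never echo the header into the link."""
    if not host_is_allowed(headers):
        raise ValueError("unexpected Host header")
    return f"{CANONICAL_ORIGIN}/reset.php?{urlencode({'token': token})}"


if __name__ == "__main__":
    # Constructed sample request headers and token, using the hosts from the text above.
    poisoned = {"Host": "evilhost.com"}
    token = "CONSTRUCTED-TOKEN"
    print("header-derived link:", reset_link_from_host_header(poisoned, token))
    try:
        reset_link_from_config(poisoned, token)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("config-derived link:", reset_link_from_config({"Host": "example.com"}, token))
```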


The post Targeting websites with Password Reset Poisoning appeared first on blackMORE Ops.


