Don't Trust the Host Header for Sending Password Reset Emails

Nino |

Introduction

  1. 获取victim email
  2. 篡改password reset 的HOST header为attacker.com
  3. Victim收到Password reset email
  4. 当victim访问reset url, token就会被泄露。

Ref

Don't Trust the Host Header for Sending Password Reset Emails | Lightning Security

Show Comments