Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-14 17:07:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 2 pages modified

Browse source
This commit is contained in:
CPol 2020-10-07 09:34:02 +00:00 committed by gitbook-bot
parent 0eef8b5a63
commit 7b64b4fca5
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
SUMMARY.md
View file

@ -421,6 +421,6 @@
* [1911 - Pentesting fox](1911-pentesting-fox.md)
* [Online Platforms with API](online-platforms-with-api.md)
* [Phising Documents](phising-documents.md)
* [Reset Password Bypass](reset-password.md)
* [Reset/Forgoten Password Bypass](reset-password.md)
* [Stealing Sensitive Information Disclosure from a Web](stealing-sensitive-information-disclosure-from-a-web.md)

6
reset-password.md
View file

@ -1,4 +1,6 @@
# Reset Password Bypass
# Reset/Forgoten Password Bypass
## HTTP Headers
Sometimes in order to reset a password you contact an api endpoint and **send the email you want to reset the password**, like in the following example:
@ -9,3 +11,5 @@ For example, in this case if could send the reset password email to _something@g
Example from [https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491](https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491)
In other occasions you can manage to obtain the **same** **results** modifying the domain used in the **Referer header like in** [**here**](https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-without-that-nasty-twist-cbf45e5cc8db)**.**