GitBook: [master] one page modified

CPol 2021-03-22 09:20:53 +00:00 committed by gitbook-bot
parent f7d062d134
commit ebf2385013
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -13,3 +13,5 @@ Example from [https://medium.com/@abhishake100/password-reset-poisoning-to-ato-a
In other occasions you can manage to obtain the **same** **results** modifying the domain used in the **Referer header like in** [**here**](https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-without-that-nasty-twist-cbf45e5cc8db)**.** In other occasions you can manage to obtain the **same** **results** modifying the domain used in the **Referer header like in** [**here**](https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-without-that-nasty-twist-cbf45e5cc8db)**.**
Or even adding the header **X-Forwarded-Host** you can be able to steal the reset password token from other accounts \(like [here](https://infosecwriteups.com/password-reset-token-leak-via-x-forwarded-host-4ed3e33dca31)\).
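Review bot: the added X-Forwarded-Host sentence says the reset token can be stolen but not what makes that possible, and "you can be able to" reads awkwardly. Consider wording such as "Adding an **X-Forwarded-Host** header can also leak another account's password reset token when the application uses that header's value to build the reset link". A short mitigation line alongside it would also help: generate reset links from a configured canonical host rather than from request headers, which covers both the Referer and the X-Forwarded-Host variants described here.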