GitBook: [master] 2 pages and one asset modified
This commit is contained in:
parent
4a54650526
commit
015ef42972
Binary file not shown.
After Width: | Height: | Size: 34 KiB |
|
@ -406,4 +406,5 @@
|
|||
* [1911 - Pentesting fox](1911-pentesting-fox.md)
|
||||
* [Online Platforms with API](online-platforms-with-api.md)
|
||||
* [Phising Documents](phising-documents.md)
|
||||
* [Reset Password](reset-password.md)
|
||||
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# Reset Password
|
||||
|
||||
Sometimes in order to reset a password you contact an api endpoint and **send the email you want to reset the password**, like in the following example:
|
||||
|
||||
![](.gitbook/assets/1_6qc-agcjyzwmf8rgnvr_eg.png)
|
||||
|
||||
The back-end may take the information present in the **Host header** and use it for the link where the token to reset the password is going to be sent.
|
||||
For example, in this case if could send the reset password email to _something@gmail.com_ and set the token link to _https://bing.com/resetpasswd?token=12348rhfblrihvkurewfwu23_
|
||||
|
||||
Example from [https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491](https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491)
|
||||
|
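Review bot: In the added line beginning "For example, in this case if could send", "if could" should read "it could", and the sentence never says that the Host header value is supplied by whoever makes the reset request. That is the step connecting the previous sentence to the _https://bing.com/resetpasswd?token=..._ link, so state it explicitly. The image line `![](.gitbook/assets/1_6qc-agcjyzwmf8rgnvr_eg.png)` has empty alt text, so the request it illustrates is unreadable without the asset; add alt text or include the request as text. The page also stops at the example with no remediation; a closing line would help, such as advising that reset links be built from a configured base URL rather than from the Host header.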