Password Reset
Email Flooding or mail bombing
Source: https://x.com/bountywriteups/status/1843358474568421449?t=EAe-IUTLEhIKVjz9YK9cYQ&s=03
Create an account on the target site.
Request a forgot-password token.
Don't use that link.
Instead, log in with your old password and change your email to another address.
Now use the password reset link sent to the old email and check whether you are able to change your password. If yes, then there is the little bug.
Source: https://x.com/bountywriteups/status/1843186551968399632?t=wf0m1BGx--rn6kZWTzB0Tg&s=03
Check if the token is reflected back in the response
Use another email's token on your victim's reset link
Try used tokens
Remove the token and check
Insecure token: MD5($email)
or an insecure UUID (version 1)
Original Request
Original Response HTTP/1.1 200 OK
Try adding a .json extension
Modified Request
Modified Response
Add X-Forwarded-Host: attacker.com
Host: Attacker.com
1- Ask for a reset password link
2- Click on the link and add a new password
3- Intercept the request with Burp Suite
4- Found a parameter called email
5- Replaced my email with the victim's email
6- Found that the victim's password had changed
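The server-side counterpart to several checks on this page (a reset link that still works after the email change, used tokens, a removed token, MD5($email) or UUID version 1 tokens, and the swapped email parameter), as an added Python example that is not from the original page or its sources. The class ResetTokens, its method names, TOKEN_TTL and the current_email_of callback are hypothetical, and the dictionary stands in for a database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900  # seconds; assumed policy value


class ResetTokens:
    """In-memory stand-in for a reset-token table (hypothetical design)."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (user_id, email_at_issue, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, email, now=None):
        now = time.time() if now is None else now
        # 32 bytes from the CSPRNG: nothing derivable from the email
        # (unlike MD5($email)) or from clock/node fields (unlike UUID v1).
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = (user_id, email, now + TOKEN_TTL)
        return token  # delivered by mail only, never echoed in the HTTP response

    def invalidate_user(self, user_id):
        # Call on email change, password change and successful reset.
        self._rows = {k: v for k, v in self._rows.items() if v[0] != user_id}

    def redeem(self, token, current_email_of, now=None):
        """Return the user_id to reset, or None. The account comes from the
        stored row, never from an email parameter in the request."""
        now = time.time() if now is None else now
        if not token:
            return None  # a missing or empty token fails closed
        row = self._rows.pop(self._digest(token), None)  # pop makes it single use
        if row is None:
            return None
        user_id, email_at_issue, expires_at = row
        if now > expires_at:
            return None
        # Defence in depth if invalidate_user() was missed on an email change.
        if current_email_of(user_id) != email_at_issue:
            return None
        return user_id
```

When retesting a fix, each checklist item above should map to one of the None branches in redeem.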