Host Header Injection Through Password Reset Page
Discovered by Nithissh.S
Vulnerable Version: 1.0
Vendor Homepage:
Bug Description:
An attacker is able to take over any account through the password reset page by exploiting a Host header injection vulnerability.
Steps to Reproduce:
- Open the reset link https://localhost/admin/forgot
- Now add the victim's email address and intercept the response
Request:
Response:
- This proves that a Host header injection vulnerability exists
Impact:
The victim will receive the malicious link in their email, and, when clicked, will leak the user’s password reset link / token to the attacker, leading to full account takeover.
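The root cause behind this impact is a reset link built from the request's Host header. The following is an added example, not code from the affected application, showing that pattern beside a hardened form; the origin, allowlist, `/admin/reset` path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed deployment settings (hypothetical values for this example).
CANONICAL_ORIGIN = "https://app.example.test"
ALLOWED_HOSTS = {"app.example.test"}


class UntrustedHost(ValueError):
    """Raised when the request's Host header is not an expected value."""


def reset_link_vulnerable(headers, token):
    # Vulnerable pattern: the link host is copied from the client-supplied
    # Host header, so the sender of the request decides where the token goes.
    return f"https://{headers['Host']}/admin/reset?token={token}"


def validate_host(headers):
    # Accept only hostnames on the allowlist; a port suffix is tolerated,
    # userinfo tricks ("good@other") resolve to the real hostname and fail.
    raw = headers.get("Host", "").strip().lower()
    try:
        hostname = urlsplit(f"//{raw}").hostname
    except ValueError:  # malformed value, e.g. an unbalanced "["
        hostname = None
    if not hostname or hostname not in ALLOWED_HOSTS:
        raise UntrustedHost(raw)
    return hostname


def reset_link_hardened(headers, token):
    # Hardened pattern: validate Host, then build the link from server-side
    # configuration only. Nothing from the request reaches the e-mail body.
    validate_host(headers)
    return f"{CANONICAL_ORIGIN}/admin/reset?token={token}"


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    expected = {"Host": "app.example.test"}
    forged = {"Host": "attacker.example.test"}
    print(reset_link_vulnerable(forged, "TOKEN"))
    print(reset_link_hardened(expected, "TOKEN"))
    try:
        reset_link_hardened(forged, "TOKEN")
    except UntrustedHost as exc:
        print("rejected Host:", exc)
```

Rejecting unexpected Host values at the reverse proxy or virtual-host layer gives the same protection before the request reaches the application.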
CVE Mitre -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43437