all InfoSec news
Attacking Password Resets with Host Header Injection
April 12, 2023, 2:06 a.m. | IppSec
IppSec www.youtube.com
00:55 - Using Extension to show a legitimate password reset
01:50 - Modifying the host header and showing the website uses that in the sent email
02:40 - Talking about mail filters auto-clicking links, which means user interaction isn't always required
03:30 - Sending a password reset to one of my personal emails, to show a mail filter auto clicks the link
04:40 - Got our click! Checking the IP Address to …
address auto bot clicking clicks email emails extension filter header host injection introduction ip address isn link links mail password password reset personal reset talking vulnerability website
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)