all InfoSec news
Attacking Password Resets with Host Header Injection
April 12, 2023, 2:06 a.m. | IppSec
IppSec www.youtube.com
00:55 - Using Extension to show a legitimate password reset
01:50 - Modifying the host header and showing the website uses that in the sent email
02:40 - Talking about mail filters auto-clicking links, which means user interaction isn't always required
03:30 - Sending a password reset to one of my personal emails, to show a mail filter auto clicks the link
04:40 - Got our click! Checking the IP Address to …
address auto bot clicking clicks email emails extension filter header host injection introduction ip address isn link links mail password password reset personal reset talking vulnerability website
More from www.youtube.com / IppSec
HackTheBox - Analytics
1 month, 1 week ago |
www.youtube.com
HackTheBox - Manager
1 month, 2 weeks ago |
www.youtube.com
HackTheBox - AppSanity
1 month, 3 weeks ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Associate Manager, BPT Infrastructure & Ops (Security Engineer)
@ SC Johnson | PHL - Makati
Cybersecurity Analyst - Project Bound
@ NextEra Energy | Jupiter, FL, US, 33478
Lead Cyber Security Operations Center (SOC) Analyst
@ State Street | Quincy, Massachusetts
Junior Information Security Coordinator (Internship)
@ Garrison Technology | London, Waterloo, England, United Kingdom
Sr. Security Engineer
@ ScienceLogic | Reston, VA