Writeup: Password reset poisoning via middleware
Lab link. The lab description says it is vulnerable to password reset poisoning. First, we reset the password of the wiener user to understand how the system works. Specifying the username in the POST /forgot-password request is enough to request a password reset. If we can manipulate this request with X-Forwarded-Host, the email for username …
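The server-side pattern behind this behaviour, as an added example that is not the lab's code or part of the original writeup: a reset-link builder that trusts X-Forwarded-Host, next to one that uses a configured origin and rejects unexpected hosts. The hostnames, the `token` parameter and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the public origin comes from deployment config, never from the request.
CANONICAL_ORIGIN = "https://shop.example"
TRUSTED_HOSTS = {"shop.example"}

# Constructed sample requests (header dictionaries only).
NORMAL = {"Host": "shop.example"}
POISONED = {"Host": "shop.example", "X-Forwarded-Host": "attacker.example"}


def _lower(headers):
    """HTTP header names are case-insensitive, so normalise them once."""
    return {k.lower(): v for k, v in headers.items()}


def reset_link_vulnerable(headers, token):
    """Models the flaw: a client-settable forwarding header picks the link host."""
    h = _lower(headers)
    host = h.get("x-forwarded-host") or h.get("host", "")
    return f"https://{host}/forgot-password?token={token}"


def _hostname(value):
    """Extract the hostname, dropping port and userinfo; None if unparsable."""
    try:
        return urlsplit(f"//{value.strip()}").hostname
    except ValueError:
        return None


def host_is_trusted(headers):
    """Require Host, and require every host-bearing header to be allowlisted."""
    h = _lower(headers)
    if "host" not in h:
        return False
    return all(_hostname(h[name]) in TRUSTED_HOSTS
               for name in ("host", "x-forwarded-host") if name in h)


def handle_forgot_password(headers, token):
    """Hardened handler: headers are validated but never used to build the link."""
    if not host_is_trusted(headers):
        return 400, None
    return 200, f"{CANONICAL_ORIGIN}/forgot-password?token={token}"


if __name__ == "__main__":
    print(reset_link_vulnerable(POISONED, "abc"))   # link host follows the header
    print(handle_forgot_password(POISONED, "abc"))  # rejected
    print(handle_forgot_password(NORMAL, "abc"))    # link uses configured origin
```

If a reverse proxy legitimately sets X-Forwarded-Host, it should overwrite any client-supplied value before the request reaches the application, and the allowlist should contain only the proxy's public hostnames.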