This video covers multiple methods to identify and exploit password reset poisoning vulnerabilities in web applications and APIs, with in-depth analysis.
My Blog: https://medusa0xf.medium.com/
Social media:
Twitter: https://twitter.com/medusa_0xf
Discord: https://discord.com/invite/2PUPD3RHHs
Links in the Video:
https://github.com/projectdiscovery/interactsh
https://hackerone.com/reports/1108874
https://hackerone.com/reports/342693
https://shahjerry33.medium.com/http-parameter-pollution-its-contaminated-85edc0805654
https://hackerone.com/reports/106024
Introduction: 0:00
HTTP Host Header Injection: 0:13
Flow Analysis: 2:03
Method 1: 4:11
Method 2: 6:40
Method 3: 9:32
Final Thoughts: 11:31
Music by Karl Casey @ White Bat Audio