Hackers can reset user passwords with this exploit.
Tech Raj
In this video, I demonstrate Host Header Injection and how hackers exploit this vulnerability to reset passwords of users on a website.
DISCLAIMER: This video is intended only for educational purposes. The concepts showcased in this video are completely from a penetration testing perspective. I do not promote or encourage any illegal hacking activities.
A Host header injection vulnerability exists when a website takes the Host value from the request header and uses it in an operation such as constructing the password reset URL for a user. When this happens, an attacker-supplied Host value ends up in the reset link, and the request made with that link is directed to the attacker's server instead of the actual web server of the website.
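The flaw described above, next to a hardened version, as an added Python example that is not code from the video or from the Forgot machine. The host names, the `/reset` path and the token are constructed, and the allow-list plus configured canonical host is one common mitigation assumed here.

```python
from urllib.parse import urlencode, urlunsplit

# Assumed deployment settings (constructed for this example).
CANONICAL_HOST = "shop.example"
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}


class BadHost(Exception):
    """Raised when the request's Host header is not an expected name."""


def reset_url_vulnerable(headers, token):
    # Vulnerable: the Host header is client-controlled, yet it decides
    # where the emailed reset link (and the token in it) points.
    return f"http://{headers.get('Host', '')}/reset?token={token}"


def check_host(headers):
    # Compare the host name (port stripped, case-folded) to the allow-list.
    name = headers.get("Host", "").lower().partition(":")[0]
    if name not in ALLOWED_HOSTS:
        raise BadHost(name)
    return name


def reset_url_hardened(headers, token):
    # Hardened: reject unexpected hosts, then build the link from
    # configuration only; no request data reaches the URL's authority.
    check_host(headers)
    query = urlencode({"token": token})
    return urlunsplit(("https", CANONICAL_HOST, "/reset", query, ""))


if __name__ == "__main__":
    token = "constructed-token-123"
    spoofed = {"Host": "attacker.example"}
    print(reset_url_vulnerable(spoofed, token))
    try:
        reset_url_hardened(spoofed, token)
    except BadHost as exc:
        print("rejected Host:", exc)
    print(reset_url_hardened({"Host": "www.shop.example:443"}, token))
```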
In this video, I showcased this vulnerability on a retired HackTheBox machine called Forgot. Check out this machine here: https://www.hackthebox.com/machines/forgot
https://www.youtube.com/watch?v=PSWOcWChV-g