University of Oxford Web Portal Vulnerability - Host Header Poisoning

1.) Open up Firefox and Burp Suite.
2.) Visit the forgot password page (/user/request_reset_password)
3.) Enter the victim’s email address and click Reset and Email Password
4.) Intercept the HTTP request in Burp Suite & change the Host Header to your malicious site / server.
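
The steps above succeed when the server builds the emailed reset link from the request's Host header. The following is an added example, not the portal's code or the author's, showing that pattern beside a hardened form; `portal.example.org`, the emailed link path and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumptions: canonical origin and allowlist come from deployment config (placeholder values).
CANONICAL_ORIGIN = "https://portal.example.org"
ALLOWED_HOSTS = {"portal.example.org"}
RESET_PATH = "/user/reset_password"  # hypothetical path of the emailed link


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Flawed pattern: the emailed link takes its host from the request."""
    return f"https://{headers.get('Host', '')}{RESET_PATH}?token={token}"


def host_is_allowed(host_header: str) -> bool:
    """Exact-match the Host value (port stripped, case-folded) against the allowlist."""
    if not host_header or any(c in host_header for c in " \t\r\n/@\\?#"):
        return False
    try:
        parsed = urlsplit(f"//{host_header}")
        hostname = parsed.hostname
        parsed.port  # raises ValueError when the port is not numeric
    except ValueError:
        return False
    return hostname is not None and hostname.lower() in ALLOWED_HOSTS


def reset_link_hardened(headers: dict, token: str) -> str:
    """Reject unexpected Host values; the link always uses the configured origin."""
    if not host_is_allowed(headers.get("Host", "")):
        raise ValueError("unexpected Host header")
    return f"{CANONICAL_ORIGIN}{RESET_PATH}?token={token}"


# Constructed sample requests (not captured traffic).
LEGIT = {"Host": "portal.example.org"}
TAMPERED = {"Host": "attacker.example"}

if __name__ == "__main__":
    token = "CONSTRUCTED-TOKEN"
    print("vulnerable:", reset_link_vulnerable(TAMPERED, token))
    print("hardened  :", reset_link_hardened(LEGIT, token))
    try:
        reset_link_hardened(TAMPERED, token)
    except ValueError as exc:
        print("rejected  :", exc)
```

The hardened version never copies request data into the link, so the allowlist check serves as an early rejection and a logging point rather than the only control.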
Proof of concept


Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018

Adesh Kolte
