Question: If the user clicks the forgot-password link to reset the password and then gets redirected to a malicious site, given that the user forgot the password and thus will not be able to provide login credentials, is the user safe from this kind of attack? Also, most reset-password links only require an email, which is not such sensitive info.
Yes, in the case of password resets, most web applications ask for only the email address or username. However, since an email address is considered PII (Personally Identifiable Information), it’s a security vulnerability if it gets leaked in the response or URL. It’s still worth noting that if an attacker gains access to the email, they can chain multiple vulnerabilities together to launch further attacks. For example, if the web application lacks rate limiting and the attacker already has the username/email, they could perform a brute-force attack to guess the password. Another scenario could involve chaining an XSS vulnerability: if the user is already logged in, the attacker could exploit the reset-password redirect. Even though the redirect is intended for password reset, it doesn’t matter; by using a JavaScript payload, the attacker could exfiltrate the user’s cookies, as I discussed in the video. I hope this clears up your doubt.
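The defensive fix for the reset-flow redirect discussed above is to validate the redirect target against an allowlist of your own hosts before sending the user anywhere. The following is an added example (not code from the video or the channel); the host names `example.com`/`www.example.com` and the `/login` fallback are assumed values.

```python
from urllib.parse import urlsplit, urljoin

# Hosts the password-reset flow may send the user to (assumed values).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
# Where to land when the requested redirect is missing or untrusted (assumed).
DEFAULT_AFTER_RESET = "/login"


def safe_redirect_target(raw: str, base: str = "https://example.com/") -> str:
    """Return a redirect URL that stays on an allowed host, else the default.

    Rejects the usual open-redirect shapes: absolute URLs to foreign hosts,
    protocol-relative '//evil.example', backslash variants '/\\evil.example',
    look-alike hosts such as 'example.com.evil.example', credential tricks
    'https://example.com@evil.example', and non-HTTP schemes ('javascript:').
    """
    if not raw or not raw.strip():
        return DEFAULT_AFTER_RESET

    # Browsers treat backslashes as slashes in URLs; normalise before parsing.
    candidate = raw.strip().replace("\\", "/")

    # Resolve relative paths against our own origin so every input is parsed
    # as an absolute URL and the host check below is uniform.
    resolved = urljoin(base, candidate)
    parts = urlsplit(resolved)

    if parts.scheme not in ("http", "https"):
        return DEFAULT_AFTER_RESET
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        return DEFAULT_AFTER_RESET
    if parts.username or parts.password:
        # 'https://example.com@evil.example' parses with a userinfo part;
        # there is no legitimate reason for credentials in a redirect target.
        return DEFAULT_AFTER_RESET
    return resolved


if __name__ == "__main__":
    for sample in ["/account", "//evil.example/x", "javascript:alert(1)",
                   "https://example.com.evil.example/"]:
        print(f"{sample!r:40} -> {safe_redirect_target(sample)}")
```

Pair this with rate limiting on the reset and login endpoints so a leaked email address cannot be turned into the brute-force scenario mentioned in the reply.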
Expecting more of these! ❤︎
amazing video
Thank you!
Can you create a long video on how you hunt for bugs (manually hunting BAC-related bugs) on a real-world target?
I'll consider that.
Please @Medusa0xf
Yes, good idea.
By the way, your voice is so pretty.
This is not real, it's a text-to-speech generator; her real voice is in the snake-bites podcast.
8 MINUTES FOR ONE SINGLE PAYLOAD WHICH HAS EXISTED ON THE INTERNET SINCE 2000
That's great that you understand, but not everyone does.