Back to directory

WRITEUP #3738

Drupal Insecure Default Leads To Password Reset Poisoning

OtherPassword resetHost header injection

by@Bogdan___T(Bogdan Tiron)

Program

Drupal

Published

May 29, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://www.fortbridge.co.uk/research/drupal-insecure-default-leads-to-password-reset-poisoning/

▸ RELATED WRITEUPS

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat