Attacking Password Resets with Host Header Injection

Name: Attacking Password Resets with Host Header Injection
Uploaded: 2023-04-12T02:06:19Z
Channel: IppSec
Description: 00:00 - Introduction talking a little bit about 00:55 - Using Extension to show a legitimate password reset 01:50 - Modifying the host header and showi...

IppSec · Beginner ·📰 AI News & Updates ·2y ago

00:00 - Introduction talking a little bit about 00:55 - Using Extension to show a legitimate password reset 01:50 - Modifying the host header and showing the website uses that in the sent email 02:40 - Talking about mail filters auto-clicking links, which means user interaction isn't always required 03:30 - Sending a password reset to one of my personal emails, to show a mail filter auto clicks the link 04:40 - Got our click! Checking the IP Address to show it was a bot 06:00 - Showing how easy this vulnerability can occur by having OpenAI Build us code! 07:45 - Verifying the code was indeed …

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Introduction talking a little bit about

0:55 Using Extension to show a legitimate password reset

1:50 Modifying the host header and showing the website uses that in the sent email

2:40 Talking about mail filters auto-clicking links, which means user interaction i

3:30 Sending a password reset to one of my personal emails, to show a mail filter a

4:40 Got our click! Checking the IP Address to show it was a bot

6:00 Showing how easy this vulnerability can occur by having OpenAI Build us code!

7:45 Verifying the code was indeed vulnerable

8:45 Asking the AI ways to protect against this type of attack, the best way is to

10:37 Talking about the other ways to protect against this attack

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

Attacking Password Resets with Host Header Injection

Chapters (10)

Playlist

Lesson complete!