Biscuit's Bug Bounty Playbook
  • 👋Introduction to Biscuit's Bug Bounty Playbook
  • Mains
    • 🧾Resume For Cyber Security Freshie
    • 📗Browser extension
    • 📀POC Videos YT Channel
    • 📺55 YouTube Channels To Learn Hacking
    • 👀Hackers to Follow on Social Media
      • Twitter
      • Medium
      • YouTube
      • GitHub
      • Discord Server
      • Security GitBooks
    • 🏅Learn The Basics
      • 🎖️Type Of Cyber Security
      • 🥈Common Job Roles
      • 🥉Get Started With InfoSec
      • ⚕️Best Bug Bounty Platform
      • 🗞️Best InfoSec Writeups Website
      • 🍪Hacking Books
      • 🥂CLI Commands
      • 💿Learn WSL
    • 🧑‍💻Fun Programming Codes
    • 🔮Build your own Bug Bounty Methodology
    • 🎴Bug Bounty Checklist
  • Bug Bounty Reports & Articles
    • 0️⃣Index
    • 1️⃣Takeover's (Accounts, Sub-domains, etc)
      • 🚡Sub Domain Takeover
      • 🚠Account Takeover
      • 🚟dependency confusion vulnerability
    • 2️⃣IDOR (Indirect Object Reference)
    • 3️⃣Leaks & Disclosure (PII, API Key, etc)
    • 4️⃣Open Redirects
    • 5️⃣Request Forgery (CSRF & SSRF)
      • 🟢CSRF
      • 🔴SSRF
    • 6️⃣Injections (HTML, XSS, etc)
      • 🟡XSS
      • 🟠HTML Injection
      • 🟣CR/LF Injection
      • 🟢SSTI
    • 7️⃣Broken Access Control & Broken Authentication
      • ⚙️File Upload Functionality
      • ⚙️Password Reset Functionality
      • ⚙️2FA Functionality
      • ⚙️Oauth Functionality
      • ⚙️Bypassing
      • ⚙️Misconfiguration
    • 8️⃣Web Socket
    • 9️⃣Miscellaneous Reports
    • 0️Cloud
      • 🌩️AWS S3
    • 1️Low Hanging Fruits
    • 2️Cache Poising
    • 3️DOS/DDOS
  • Bug Bounty Platforms
    • 🐛BugCrowd
    • 🐞HackerOne
    • 🪲Intigriti
    • 🐜Open Bug Bounty
  • Exploiting Technologies
    • 0️⃣Introduction
    • 1️⃣Wordpress
    • 2️⃣GraphQL API
    • 3️⃣IDOR Vulnerability
    • Learn Android Hacking
Powered by GitBook
On this page
  1. Bug Bounty Reports & Articles
  2. Broken Access Control & Broken Authentication

Password Reset Functionality

PreviousFile Upload FunctionalityNext2FA Functionality

Last updated 5 months ago

7️⃣
⚙️
LogoSemrush disclosed on HackerOne: Password reset token leakage via...HackerOne
LogoAspen disclosed on HackerOne: Password reset token leak on third...HackerOne
LogoStripo Inc disclosed on HackerOne: Password token leak via Host headerHackerOne
LogoTOYOTA’s Password reset token and Email Address leak via Referer headerMedium
LogoPassword Reset Token Leak Via ReferrerMedium
LogoPassword reset token leak via “Host header and URL” on untrusted third party websiteMedium
LogoStory of Http password reset link for $500ByteBloggerBase
LogoAdmin Access Without Approval: BBC Studios' Critical Security FlawByteBloggerBase
Logo0 Click Account Takeover Via reset password weird behaviorMedium