killchain-compendium/Exploits/Web/PHP Password Reset.md

5 lines
227 B
Markdown
Raw Normal View History

2022-11-13 22:52:30 +01:00
# Password Reset
* Using a password reset while inserting an email address via GET and POST method.
* `$_REQUEST` as an array favors POST over GET. So, sending the attacker email address via POST with the GET query parameter.