# Password Reset

* Using a password reset while inserting an email address via GET and POST method.
* `$_REQUEST` as an array favors POST over GET. So, sending the attacker email address via POST with the GET query parameter.