killchain-compendium/exploit/web/php/password_reset.md

5 lines
227 B
Markdown

# Password Reset
* Using a password reset while inserting an email address via GET and POST method.
* `$_REQUEST` as an array favors POST over GET. So, sending the attacker email address via POST with the GET query parameter.