Unauthenticated Account Takeover Through HTTP Leak
↳ https://medium.com/@mrnikhilsri/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b
If you notice the request, emailBody used a template. Let's first test if we can control this value and try injecting HTML. As you can see, we can control the emailBody, and the user's input used in the email templating is not sanitized (HTML injection)…
from Hack+ http://bit.ly/2KzSBYO