Cross Domain Referrer Leakage

  1. Go to the password reset area and send a forgot-password link to your email address.
  2. Copy the password reset link and paste it into a browser that is configured to use Burp Suite.
  3. Now turn on intercept and capture the request.
  4. First check for the Referer header, then check for the password reset link in that header. If you find the link in the Referer header, check the Host.
  5. If the header contains the complete password reset link, including the token, and the host is a third-party website, it is a vulnerability.

The request will look like this:
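
The check from steps 4 and 5, applied to raw captured requests, as an added example that is not part of the original post. The domains, the token value, the path keywords and the parameter names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

APP_DOMAIN = "app.example"                       # assumed application under test
RESET_HINTS = ("reset", "forgot")                # assumed reset-page path keywords
TOKEN_PARAMS = {"token", "reset_token", "code"}  # assumed token parameter names

# Constructed captures of requests the reset page triggers (not from the post).
RESET_URL = "https://app.example/password/reset?token=CONSTRUCTED-TOKEN-123"
THIRD_PARTY = f"GET /a.js HTTP/1.1\r\nHost: cdn.thirdparty.example\r\nReferer: {RESET_URL}\r\n\r\n"
FIRST_PARTY = f"GET /app.css HTTP/1.1\r\nHost: static.app.example\r\nReferer: {RESET_URL}\r\n\r\n"
ORIGIN_ONLY = "GET /a.js HTTP/1.1\r\nHost: cdn.thirdparty.example\r\nReferer: https://app.example/\r\n\r\n"


def parse_headers(raw):
    """Return request headers as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def belongs_to(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host = host.lower().split(":")[0].rstrip(".")
    return host == domain or host.endswith("." + domain)


def leaked_reset_link(raw, app_domain=APP_DOMAIN):
    """Steps 4-5: return the Referer if it is a full reset link sent to a foreign host."""
    headers = parse_headers(raw)
    referer, host = headers.get("referer", ""), headers.get("host", "")
    if not referer or not host:
        return None
    url = urlsplit(referer)
    is_reset = any(hint in url.path.lower() for hint in RESET_HINTS)
    # Only query-string tokens are checked; tokens carried in the path need another rule.
    has_token = any(k.lower() in TOKEN_PARAMS and v for k, v in parse_qsl(url.query))
    if not (belongs_to(url.hostname or "", app_domain) and is_reset and has_token):
        return None                               # Referer is not our reset link
    if belongs_to(host, app_domain):
        return None                               # sent to our own host, not a third party
    return referer


if __name__ == "__main__":
    for name, raw in [("third-party", THIRD_PARTY), ("first-party", FIRST_PARTY), ("origin-only", ORIGIN_ONLY)]:
        print(name, "->", leaked_reset_link(raw) or "no leak")
```

Sending `Referrer-Policy: no-referrer` (or `same-origin`) on the reset page keeps the browser from attaching the reset URL to third-party requests.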


I am a bug bounty hunter at HackerOne :)

Mohsinalibukc
