Cross Domain Referrer Leakage

It is my first writeup so please ignore the mistakes.

I was searching for a program where I can test my skills and finally got it, I can’t disclose the program name so I will call it “target”.

I tried all my skills on finding IDOR, CSRF, XSS etc. but it is secured. Then I go to password reset area, user enumeration & victim flooding is out of scope. Finally I go for Cross Domain referrer Leakage.

What is Cross Domain Referrer Leakage?

I am here to discuss how to reproduce it, not for discussing what this vulnerability is, so for understanding that you can read this:

Steps to Reproduce:

  1. Go to Password Reset area and send forget password link to your email address.
Request will look like this

I reported this to target website and finally get a reward of 300 USD :)

Thanks :)

I am bug bounty hunter at Hackerone :)