Password Reset Token Leak Via Referrer

# Exploitation Request password reset to your email address Click on the password reset link Dont change password Click on about us Intercept the request in burpsuite proxy Check if the referer header is leaking password reset token. # Impact It allows the person who has control of particular site to change the user’s password (CSRF attack), because this person knows reset password token of the user. # Reference: https://hackerone.com/reports/342693 https://hackerone.com/reports/272379 https://hackerone.com/reports/737042 https://medium.com/@rubiojhayz1234/toyotas-password-reset-token-and-email-address-leak-via-referer-header-b0ede6507c6a https://medium.com/@shahjerry33/password-reset-token-leak-via-referrer-2e622500c2c1 ## Impact It allows the person who has control of particular site to change the user’s password (CSRF attack), because this person knows reset password token of the user.