6Eki
Host Header Attack -> Password Reset Poisoning -> ASP.NET Web API 2 hosted as Azure App Services
I’m currently testing a site where the host header is used for creating a recovery email link. However, when I try to manipulate the host header in Burp I get an HTTP 400 message saying I’m using an invalid hostname. I get this error even …