Cobalt Vulnerability Wiki

1) Click on reset the password on the application 2) Intercept the HTTP request in Burp Suite 3) Change the Host field to www.evilsite.com 4) If step 3 doesn’t work out then add a new header X-Forwarded-Host: evil.com in the request. 5) The user will get a link like http://evil.com/reset_password/token when they click on it, and the attacker receive the reset password token and hijack the user account