Password reset poisoning via dangling markup

Password reset poisoning is a header-based attack in which an attacker manipulates the URL or domain of a password reset link. In addition, by adding 'dangling HTML markup' to HTTP request header values during an application's password reset process, the attacker can also capture username and password information.

Dangling HTML markup is a standard HTML tag that has been left without its closing "> sequence. When it is injected into an HTTP response, the browser treats everything up to the next closing "> it encounters as part of the URL and sends it to the attacker's server in the URL query string. As a consequence, the generated reset token, username, password or other sensitive information is captured and sent to the attacker's server, allowing the attacker to perform an account takeover.
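
The mitigation for both variants is to stop trusting the request header when the reset link is built. The sketch below is an added example, not code from the original page: it contrasts the pattern that enables poisoning with a hardened version that validates the Host header against an allow-list, builds the link from a configured origin, and encodes the output. The origin, host names and function names are assumptions chosen for illustration.

```python
import html
import re
from urllib.parse import quote

# Assumed configuration: these values come from server settings,
# never from the incoming request.
CANONICAL_ORIGIN = "https://shop.example"
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}

# A host name with an optional numeric port. Quotes, angle brackets,
# spaces and any other markup characters fail the match.
_HOST_RE = re.compile(
    r"(?P<name>[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)(?::(?P<port>\d{1,5}))?"
)


def host_is_trusted(host_header):
    """True only for a well-formed Host value whose name is allow-listed."""
    m = _HOST_RE.fullmatch((host_header or "").strip().lower())
    return bool(m) and m.group("name") in ALLOWED_HOSTS


def vulnerable_reset_html(host_header, token):
    """Pattern that enables poisoning: Host is copied unescaped into the email."""
    return f'<a href="https://{host_header}/reset?token={token}">Reset password</a>'


def hardened_reset_html(host_header, token):
    """Reject untrusted Host values; build the link from configuration only."""
    if not host_is_trusted(host_header):
        raise ValueError("untrusted Host header")
    url = f"{CANONICAL_ORIGIN}/reset?token={quote(token, safe='')}"
    # Escape for the HTML attribute context so no value can break out of href.
    return f'<a href="{html.escape(url, quote=True)}">Reset password</a>'


if __name__ == "__main__":
    # Constructed sample Host values: valid, off-list, and one carrying
    # characters that do not belong in a host name.
    for host in ["shop.example", "other.example", "shop.example:'<x"]:
        print(repr(host), "trusted" if host_is_trusted(host) else "rejected")
```

Rejected requests are worth logging, since a Host value that fails the format check on a password reset endpoint is a useful detection signal.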
