未经许可,不得转载。
文章目录
-
-
- 正文
-
正文
测试一个子域名,在测试过程中,它的密码重置功能引起了我的注意。URL 如下所示:
/reset-password
输入我的电子邮件,捕获的请求如下所示:
POST /reset-password HTTP/1.1
Host:
Connection: close
Content-Length: 153
Cache-Control: max-age=0
sec-ch-ua: "Not A(Brand";v="99", "Brave";v="121", "Chromium";v="121"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safar