Time to Reset - II
As announced, this is a sequel to the TTR challenge.
has proven that it is solveable, and an awesome exploit. Again you have to submit the password reset
token for the user email@example.com
Please note that your tokens are bound to your session.
You probably want to take a look at the sourcecode
, also available in a highlighted version
Thanks go to noother for proving that stuff can still be owned in creative ways :)