Intro 9 | Defend the Web
2 min readJul 8, 2022
Don’t reset password, just email plaintext credentials to yourself
Problem
Alright another username/password entry with a third mysterious box. We can request the password via email, which is a bad idea, but let’s exploit it. Only knowledge is understanding of HTML forms and how to manipulate HTML elements.