Slide 19
⬡ Once the URL was loaded in the browser, it worked as intended. I
was able to reset my password.
⬡ In the given link there was an email parameter; I tried changing it to the
victim's email.
⬡ After the change, once the URL was loaded in the browser, the application
asked for the 2FA code associated with the victim's account.
⬡ In parallel, it sent a new password reset link to both mails
(the victim's mail ID and the attacker's mail ID).
⬡ That password reset link was for the victim's account.
⬡ As I had the new reset link, I was able to reset the password of any account on the
application.
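
A server-side shape that closes the gap described on this slide, as an added example (not the application's code and not part of the presentation): the reset token is bound to one account when it is issued, and an email value from the URL can never select the account or the recipient of a re-sent link. The function names, the in-memory stores, `app.example` and the sample addresses are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKENS = {}  # sha256(token) -> {"account", "expires"}; stands in for a DB table
OUTBOX = []  # (recipient, link) pairs the demo "sends"; stands in for the mailer


def _digest(token):
    # Store only a hash so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset(account_email, ttl=900):
    """Create a token bound to one account and mail it to that account only."""
    token = secrets.token_urlsafe(32)
    TOKENS[_digest(token)] = {"account": account_email, "expires": time.time() + ttl}
    # The link carries no email parameter: the token alone identifies the account.
    OUTBOX.append((account_email, f"https://app.example/reset?token={token}"))
    return token


def resolve_reset(token, email_param=None):
    """Return the account the token was issued for, or None.

    email_param models an email value taken from the URL. It can only cause a
    rejection; it never chooses the account.
    """
    rec = TOKENS.get(_digest(token))
    if rec is None or rec["expires"] < time.time():
        return None
    if email_param is not None and not hmac.compare_digest(
        email_param.strip().lower().encode(), rec["account"].lower().encode()
    ):
        return None
    return rec["account"]


def resend_reset(token, email_param=None):
    """Rotate the link: revoke the old token, mail a new one to the bound account."""
    account = resolve_reset(token, email_param)
    if account is None:
        return None
    del TOKENS[_digest(token)]
    issue_reset(account)
    return account
```
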