Axewater Sharewarez Host Header Injection Vulnerability in Password Reset Component
Vulnerability
A Host header injection vulnerability has been identified in the password reset feature of Axewater Sharewarez version 2.4.3. It allows remote attackers to manipulate the Host header of a reset request, leading to password reset poisoning and potential account takeover. The issue arises because the application builds reset links from the incoming Host header rather than from a fixed server name, so an attacker can make the emailed link point to a domain they control and capture a valid reset token.
Impact
Exploitation of this vulnerability could lead to unauthorized account access by allowing attackers to reset passwords using stolen reset tokens.
Reproduction
To reproduce this vulnerability, intercept a password reset request and modify the Host header to point to a controlled domain. After the request is processed, the victim will receive a password reset email containing a link with a valid reset token. When the victim clicks the link, the token is sent to the attacker's server, where it can be used to reset the victim's password and gain access to their account.
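The root cause described above, shown next to a hardened form, as an added example that is not Sharewarez code. The base URL, allowed host names, route name and function names are assumptions chosen for illustration. The link builder takes its origin from server-side configuration (the fixed server name the advisory says is missing), and a separate check rejects requests with an unexpected Host or X-Forwarded-Host value.

```python
from urllib.parse import urlencode, urlsplit

# Assumed deployment values (hypothetical, not taken from Sharewarez).
CANONICAL_BASE_URL = "https://sharewarez.example"
ALLOWED_HOSTS = {"sharewarez.example", "www.sharewarez.example"}
RESET_PATH = "/reset_password"  # hypothetical route name


def normalize_host(raw_host):
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    if not raw_host or any(c in raw_host for c in " \t\r\n/@\\?#"):
        return None
    try:
        hostname = urlsplit("//" + raw_host).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None
    return hostname.rstrip(".").lower() if hostname else None


def host_is_allowed(headers):
    """True only if Host is an expected name and X-Forwarded-Host, if sent, is too."""
    if normalize_host(headers.get("Host")) not in ALLOWED_HOSTS:
        return False
    forwarded = headers.get("X-Forwarded-Host")
    return forwarded is None or normalize_host(forwarded) in ALLOWED_HOSTS


def reset_link_from_host_header(headers, token):
    """Vulnerable pattern: the link's origin is whatever the request claimed."""
    return f"https://{headers['Host']}{RESET_PATH}?{urlencode({'token': token})}"


def reset_link_from_config(token):
    """Hardened pattern: the link's origin comes only from server-side configuration."""
    return f"{CANONICAL_BASE_URL}{RESET_PATH}?{urlencode({'token': token})}"


if __name__ == "__main__":
    # Constructed header sets for the demonstration.
    samples = [
        {"Host": "Sharewarez.Example:443"},
        {"Host": "attacker.example"},
        {"Host": "sharewarez.example", "X-Forwarded-Host": "attacker.example"},
    ]
    for headers in samples:
        print(headers, "allowed" if host_is_allowed(headers) else "rejected")
        print("  from Host header:", reset_link_from_host_header(headers, "TOKEN"))
        print("  from config:     ", reset_link_from_config("TOKEN"))
```

The configured-origin builder is the actual fix; the Host allowlist is defence in depth and is also a useful place to log rejected values for detection.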
