WRITEUP

The repository contains a detailed technical writeup of a host header injection vulnerability in the forgot password functionality of MEANStore 1.0. It explains how an attacker can manipulate the host header to send password reset links to an attacker-controlled server, leading to token leakage and potential account takeover.