- Create an account on the target website.
- Logout from your account.
- Go to login page and click on
forgot password. - Enter your email and click on reset password.
- You should have email received in your inbox. Right click to copy link address for changing password.
- Keep the address saved somewhere.
- Now, change the password using the link.
- Try changing the password again using the same link at a incognito tab. If the password can be changed, there is a vulnerability.