ResetHub builds password reset URLs using the HTTP Host header. Inject your own host to steal the reset token.
