Sumeru Cyber Security

Sensitive Data Sent in GET Request

Introduction

Information exposure through query strings occurs when sensitive data is passed in URL parameters. This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data. Simply using HTTPS does not resolve this vulnerability.

How to Test

Here, sensitive details such as the name, token and expiry are passed in the URL:

https://vulnerablehost.com/authuser?user=bob&authz_token=1234&expire=1500000000

The parameter values for user, authz_token, and expire will be exposed in the following locations when using HTTP or HTTPS:

  • Referer Header

  • Web Logs

  • Shared Systems

  • Browser History

  • Browser Cache

  • Shoulder Surfing
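
Added example (not part of the original page): a small scanner that checks web server access logs for the first two exposure points in the list, the logged request URL and the logged Referer header. The parameter deny-list, the Combined Log Format assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed deny-list of parameter names; extend it for your application.
SENSITIVE = {"user", "username", "password", "token", "authz_token",
             "access_token", "api_key", "sessionid", "expire"}

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def sensitive_params(url):
    """Return the sorted names of sensitive query parameters found in url."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE})

def redact(url):
    """Return url with the values of sensitive query parameters masked."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()

def scan(lines):
    """Return (field, parameter names, redacted URL) for every exposure."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        for field in ("target", "referer"):
            names = sensitive_params(m[field])
            if names:
                findings.append((field, names, redact(m[field])))
    return findings

# Constructed sample lines; the first URL is the one from the text above.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /authuser?user=bob&authz_token=1234&expire=1500000000 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://vulnerablehost.com/authuser?user=bob&authz_token=1234&expire=1500000000" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "POST /authuser HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for field, names, url in scan(SAMPLE_LOG):
        print(f"{field}: {', '.join(names)} -> {url}")
```

The second sample line shows the Referer case: the request itself is for a static file, yet the full query string of the previous page is written to the log.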

Solution

When sending sensitive information, use the POST method instead of a GET request.

Here the ‘id’ parameter is sent through a GET request:

<a href="xyz?id=4"> click </a>

To convert GET to POST, simply change the link to a form:

<form id="myForm" action="xyz" method="post">
<!-- The id now travels in the request body instead of the URL -->
<input type="hidden" name="id" value="4"/>
</form>

This form will not be visible, and we can easily auto-submit it using JavaScript in our link:

<a href="javascript:void document.getElementById('myForm').submit();"> click </a>

Most importantly, neither GET nor POST is secure over plain HTTP. To secure them, use HTTPS.

References

Last updated 5 years ago

https://cwe.mitre.org/data/definitions/598.html
https://community.apigee.com/questions/41891/what-are-alternatives-for-passing-sensitive-data-i.html
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url