Password field submitted using GET method

Description

During the scan, Kayran found that password fields were sent using the GET method (in the URL).
This might lead to sensitive user information being disclosed.

An attacker could exploit this vulnerability to steal the victim’s password in clear text through a MITM (Man In The Middle) attack or by checking the browser’s history.

Recommendation

To prevent this vulnerability, make sure that all sensitive information is sent using the POST method.
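
One way to check your own pages for this finding before release, as an added example that is not Kayran's code: it parses HTML and reports every form that contains a password input and submits with GET, including forms with no method attribute, which browsers submit as GET. The class and function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

class PasswordGetFinder(HTMLParser):
    """Collects forms that hold a password input and submit via GET."""
    def __init__(self):
        super().__init__()
        self.findings = []   # one dict per offending form
        self._form = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            method = a.get("method", "").strip().lower()
            # Browsers treat a missing or unrecognised method as GET.
            if method not in ("post", "dialog"):
                method = "get"
            self._form = {"action": a.get("action", ""), "method": method,
                          "line": self.getpos()[0], "fields": []}
        elif tag == "input" and self._form is not None:
            if a.get("type", "").strip().lower() == "password":
                self._form["fields"].append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["method"] == "get" and self._form["fields"]:
                self.findings.append(self._form)
            self._form = None

def find_password_get_forms(html):
    """Return the forms in `html` that would put a password in the URL."""
    parser = PasswordGetFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from any real site.
SAMPLE = """\
<form action="/login" method="get">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form action="/signup"><input type="Password" name="new_pass"></form>
<form action="/login2" method="POST"><input type="password" name="pass"></form>
<form action="/search" method="get"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for f in find_password_get_forms(SAMPLE):
        print(f"line {f['line']}: form action={f['action']!r} sends {f['fields']} via GET")
```

Each finding is fixed by setting method="post" on the reported form.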

References

https://cwe.mitre.org/data/definitions/598.html
