Session token sent in url

Home » blog » Session token sent in url

Description

During the scan, Kayran managed to find Session token sent in URL.

Sensitive information within URLs could be logged in various locations, including the user’s browser, the webserver, and any forward or reverse proxy servers between the two endpoints.

Bussines Impact

This vulnerability could allow attackers to redirect users to a malicious website and open up a wide array of attack vectors.

Recommendation

Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Reference

https://cwe.mitre.org/data/definitions/200.html

Baby steps – getting into the PT industry

By raising hands please tell me ; WHO LIKES MONEY ? I bet none of you kept his hand low, and that’s fine, we love

Models – CIA and AAA

The field of information security is based on a number of basic principles that are important for us. Each principle is part of two main

GETting it – POSTing it

No one likes things to get mixed up, creating confusion and misunderstandings, and sometimes even make our arguments seem a bit silly in the heat

Terms and Topics in Cybersecurity that you should know

The Cybersecurity field is one of the fields that has been growing rapidly and steadily in recent years, as the demand for it grew more

Information Disclosure – Self revealing our Secrets

Remember those tired Devs? Well, sometimes they tend to make mistakes, as mentioned before, but imagine, writing everything important to you on a wall visible

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

WEB APPLICATION VULNERABILITY SCANNER