Description
During the scan, Kayran found a session token sent in the URL.
Sensitive information within URLs could be logged in various locations, including the user’s browser, the webserver, and any forward or reverse proxy servers between the two endpoints.
Business Impact
This vulnerability could allow attackers to redirect users to a malicious website and open up a wide array of attack vectors.
Recommendation
Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
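As an added example (not code from the Kayran finding or the scanner itself), the following Python checks access-log request URLs for session identifiers in the query string or path, shows how to redact them before a line is logged, and builds the cookie-based alternative the recommendation refers to. The list of parameter names and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit
from http.cookies import SimpleCookie

# Assumed list of query-parameter names that commonly carry a session identifier; extend per application.
SESSION_PARAM_RE = re.compile(
    r"^(?:jsessionid|phpsessid|asp\.net_sessionid|sessionid|session_id|sid|token|auth_token)$", re.I)
# Servlet containers may also place the token in the path: /app;jsessionid=...
PATH_PARAM_RE = re.compile(r";jsessionid=([^/?#]+)", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/')

def find_session_tokens(url):
    """Return [(name, value)] for session identifiers in the URL's query string or path."""
    parts = urlsplit(url)
    found = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if SESSION_PARAM_RE.match(k)]
    found += [("jsessionid", v) for v in PATH_PARAM_RE.findall(parts.path)]
    return found

def redact_url(url):
    """Replace session values so the URL can be written to a log without leaking the token."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if SESSION_PARAM_RE.match(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    path = PATH_PARAM_RE.sub(";jsessionid=REDACTED", parts.path)
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), parts.fragment))

def scan_log(text):
    """Return (line_no, url, tokens) for each access-log line whose request URL carries a session token."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m and (tokens := find_session_tokens(m.group(1))):
            hits.append((line_no, m.group(1), tokens))
    return hits

def session_cookie_header(name, value):
    """The recommended alternative: a Set-Cookie value with Secure, HttpOnly and SameSite set."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Lax"
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()

# Constructed access-log lines (combined log format); not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account?sessionid=abc123&tab=billing HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /catalog;jsessionid=DEADBEEF?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=shoes HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""
```

Running scan_log(SAMPLE_LOG) flags lines 1 and 2 only; the same check can be pointed at proxy or web-server logs to confirm whether tokens are already being recorded.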