Session token sent in URL

Description

During the scan, Kayran found a session token sent in the URL.

Sensitive information within URLs could be logged in various locations, including the user’s browser, the web server, and any forward or reverse proxy servers between the two endpoints.

Business Impact

This vulnerability could allow attackers to redirect users to a malicious website and open up a wide array of attack vectors.

Recommendation

Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
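The logging exposure described above can be checked for on the defender's side. The following is an added example (not part of this page or of the Kayran product): it scans constructed access-log lines for session-like tokens carried in the URL, both as query parameters and as a servlet-style `;jsessionid=` path segment, and shows how to redact them before a URL is written to a log. The list of parameter names is an assumption and should be adjusted for the application under test.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that commonly carry a session id (an assumption of this example, extend per app).
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sessid", "sid", "phpsessid",
                       "jsessionid", "token", "auth_token", "access_token"}
# Servlet containers may also rewrite the session id into the path: /app;jsessionid=ABC
PATH_SESSION_RE = re.compile(r";jsessionid=([^;/?#]+)", re.IGNORECASE)
# Request line inside a Common Log Format entry, e.g. "GET /path?x=1 HTTP/1.1"
REQUEST_LINE_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|PATCH|OPTIONS) (\S+) HTTP/[\d.]+"')

def find_session_tokens_in_url(url):
    """Return (location, name, value) tuples for session-like tokens carried in the URL."""
    parts = urlsplit(url)
    hits = [("query", name, value)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if name.lower() in SESSION_PARAM_NAMES]
    m = PATH_SESSION_RE.search(parts.path)
    if m:
        hits.append(("path", "jsessionid", m.group(1)))
    return hits

def scan_access_log(lines):
    """Return (line_number, url, hits) for each log line whose URL carries a session token."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_LINE_RE.search(line)
        if m and (hits := find_session_tokens_in_url(m.group(1))):
            findings.append((lineno, m.group(1), hits))
    return findings

def redact_url(url):
    """Replace session-like token values with [REDACTED] so the URL can be logged safely."""
    parts = urlsplit(url)
    pairs = [(n, "[REDACTED]" if n.lower() in SESSION_PARAM_NAMES else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    path = PATH_SESSION_RE.sub(";jsessionid=[REDACTED]", parts.path)
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(pairs, safe="[]"), parts.fragment))

# Constructed sample access-log lines (not from any real system); line 4 is a benign false-positive check.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account?sessionid=a1b2c3d4&page=2 HTTP/1.1" 200 512',
    '203.0.113.6 - - [10/Oct/2023:13:55:37 +0000] "GET /shop;jsessionid=9F8E7D6C/cart HTTP/1.1" 200 1024',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.8 - - [10/Oct/2023:13:55:39 +0000] "GET /search?q=token HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for lineno, url, hits in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {hits} -> log as {redact_url(url)}")
```

Running the scan against real access or proxy logs tells you whether tokens have already leaked into storage that the recommended move to cookies or POST fields will not clean up on its own.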

Reference

https://cwe.mitre.org/data/definitions/200.html
