Description

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

The query string for the URL could be saved in the browser’s history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-201

Consequences

Confidentiality: Read Application Data

At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers.

Potential Mitigations

Phase: Implementation

Description: 

When sensitive information is sent, use the POST method (e.g. registration form).

CVE References