Use of GET Request Method With Sensitive Query Strings
This vulnerability occurs when a web application handles sensitive data, like passwords or session tokens, by passing them within the URL's query string using an HTTP GET request.
Using GET requests for sensitive information is risky because the full URL, including the query string, is logged in browser histories, web server logs, and often in the referrer headers sent to third-party sites. This exposes credentials, tokens, or personal data to anyone with access to those logs, making it a common source of data leaks. Attackers can also trick users into clicking malicious links containing pre-filled sensitive parameters. To fix this, always use POST requests (or other appropriate HTTP methods) with the sensitive data placed in the request body, and ensure proper HTTPS encryption is enforced. While SAST and DAST tools can detect this pattern, managing remediation across a large codebase is challenging. An ASPM platform like Plexicus can automatically identify these flaws in your entire application portfolio and use AI to generate specific remediation guidance, streamlining the fix process.
Impact: Read Application Data
At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers.
- Software Fault Patterns