High Severity | CWE-598
🟠 Sensitive Data in URL (Session Token)
🧠 Description
Sensitive data like session tokens, JWTs, or authentication credentials are transmitted in URL query strings. This exposes the data in browser history, server logs, referrer headers, and proxy logs.
Impact: Session Hijacking, Account Takeover, Sensitive Data Exposure
🎯 Attack Surface
- URL query parameters containing tokens
- PATH parameters with sensitive IDs
- Email verification links
- Password reset links
- File download URLs
🔍 Detection
- Check URLs for: token=, session=, jwt=, auth=, key=, id=
- Review browser history
- Check server access logs
- Review referrer headers in analytics
🛡️ Mitigation
✅ Use POST for sensitive data transmission
✅ Use HTTP-only, Secure cookies for sessions
✅ Implement HSTS to prevent referrer leakage
✅ Rotate tokens frequently
✅ Use HTTP-only, Secure cookies for sessions
✅ Implement HSTS to prevent referrer leakage
✅ Rotate tokens frequently