[WEB SECURITY] Sensitive Info in POST and Security Concerns
gautam.edu at gmail.com
Thu Jun 27 02:01:58 EDT 2013
I was recently reviewing code for a friend and some logs generated.
I noticed there was a 16-digit number in the URL. I am sure this would
be a major bug if it was in a GET, since this would be cached by the
browser when it's accessed.
I wanted to know what the risk is, and the opinion of the security guys here, if I
spot this in a POST.
Here is a sample.
So technically this POST request sends a full 16-digit account number, and in
response the page displays the information to the caller.
Let me know your comments.
-------------- next part --------------
An HTML attachment was scrubbed...
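A check a reviewer could run over logs like the ones mentioned in the post, added here as an example and not part of the original message: it flags 16-digit numbers in the request URL of any method, GET or POST, and masks them. The log lines, the /account/lookup path and the acct parameter are constructed assumptions; the original sample was not preserved.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Exactly 16 digits, optionally grouped 4-4-4-4, and not part of a longer digit run
NUMBER_RE = re.compile(r'(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)')

# Constructed sample log (hypothetical paths and parameter names).
LOG = '''\
192.0.2.10 - - [27/Jun/2013:02:01:58 -0400] "POST /account/lookup?acct=1234567890123456 HTTP/1.1" 200 512
192.0.2.10 - - [27/Jun/2013:02:02:03 -0400] "GET /account/1234-5678-9012-3456/summary HTTP/1.1" 200 734
192.0.2.11 - - [27/Jun/2013:02:02:09 -0400] "POST /account/lookup HTTP/1.1" 200 498
192.0.2.11 - - [27/Jun/2013:02:02:15 -0400] "GET /static/app.js?v=20130627020158123 HTTP/1.1" 200 90
'''

def mask(match):
    """Keep only the last four digits of a matched number."""
    digits = re.sub(r'\D', '', match.group(0))
    return '*' * 12 + digits[-4:]

def scan_line(line):
    """Return (method, location, redacted_line) when the URL carries a 16-digit number."""
    req = REQUEST_RE.search(line)
    if not req:
        return None
    target = unquote(req.group('target'))      # catch percent-encoded digits too
    path, _, query = target.partition('?')
    where = [name for name, part in (('path', path), ('query', query))
             if NUMBER_RE.search(part)]
    if not where:
        return None
    # The redacted line carries the decoded target with every number masked.
    redacted = line.replace(req.group('target'), NUMBER_RE.sub(mask, target))
    return req.group('method'), '+'.join(where), redacted

def scan_log(text):
    """Scan every line; the HTTP method is reported, never used as a filter."""
    return [hit for hit in map(scan_line, text.splitlines()) if hit]

if __name__ == '__main__':
    for method, where, redacted in scan_log(LOG):
        print(f'{method} number in {where}: {redacted}')
```

The third sample line is a POST whose number would travel in the body, which this log format does not record, so it produces no finding.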