Use of GET Request Method With Sensitive Query Strings in fisharebest/webtrees

Valid

Reported on

Sep 5th 2021


✍️ Description

Sensitive data, including the username and email address, is passed in the query string of a GET request during registration. When the given email or username already exists in the database at the time of user registration, the application passes the given username and email address to the server through a GET request.

🕵️‍♂️ Proof of Concept

GET Request

💥 Impact

Information exposure through query strings occurs when sensitive data is passed in URL parameters. This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data. Simply using HTTPS does not resolve this vulnerability.
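HTTPS protects the URL in transit, but the full request target, query string included, is still written to web server access logs. The following is an added example, not code from the report or from webtrees: it scans access log lines for GET requests that carry sensitive query parameters and redacts their values. The `/register` path, the parameter names and the log lines are constructed assumptions, since the report does not give them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed key names: the report names the data (username, email), not the keys.
SENSITIVE_KEYS = {"username", "email", "password", "token"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def find_sensitive_params(log_line):
    """Return (path, sorted sensitive keys) for a GET request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    hits = sorted(keys & SENSITIVE_KEYS)
    return (parts.path, hits) if hits else None

def redact_line(log_line):
    """Replace the values of sensitive query parameters with REDACTED."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return log_line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SENSITIVE_KEYS for k, _ in pairs):
        return log_line
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
               for k, v in pairs]
    target = parts._replace(query=urlencode(cleaned)).geturl()
    start, end = m.span("target")
    return log_line[:start] + target + log_line[end:]

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2021:10:00:00 +0000] "GET /register?username=alice'
    '&email=alice%40example.com&lang=en HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2021:10:00:05 +0000] "POST /register HTTP/1.1" 302 0',
    '203.0.113.9 - - [05/Sep/2021:10:01:00 +0000] "GET /index.php?route=tree HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = find_sensitive_params(line)
        if hit:
            print("FLAG", hit)
            print("    ", redact_line(line))
```

Redaction only cleans up logs that already exist; the durable fix is to keep these fields in the POST body or server-side session rather than in the URL.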

Occurrences

We have contacted a member of the fisharebest/webtrees team and are waiting to hear back 3 months ago
Greg Roach validated this vulnerability 3 months ago
Melbin Mathew Antony has been awarded the disclosure bounty
The fix bounty is now up for grabs
Greg Roach confirmed that a fix has been merged on ad5316 3 months ago
Greg Roach has been awarded the fix bounty