Use of GET Request Method With Sensitive Query Strings in fisharebest/webtrees

Valid

Reported on

Sep 5th 2021


✍️ Description

Sensitive data, including the username and email address, is passed as query strings through a GET request during registration. When the given email or username already exists in the database at the time of user registration, the application passes the given username and email address through a GET request to the server.

🕵️‍♂️ Proof of Concept

GET Request

💥 Impact

Information exposure through query strings in a URL occurs when sensitive data is passed in URL parameters. This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data. Simply using HTTPS does not resolve this vulnerability.
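Query strings are written to web server access logs, so auditing those logs is one way to confirm whether registration data is being exposed as described above. The following is an added example, not code from the report or from webtrees; the parameter names, request paths and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed parameter names; the report does not list the real ones.
SENSITIVE_NAMES = {"username", "user", "email", "password", "token"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Request part of a common/combined log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def audit_line(line):
    """Return (path, leaked_param_names, redacted_target) or None."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    leaked, redacted = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Flag by parameter name, or by a value that looks like an email address.
        if name.lower() in SENSITIVE_NAMES or EMAIL_RE.match(value):
            leaked.append(name)
            value = "REDACTED"
        redacted.append((name, value))
    if not leaked:
        return None
    return parts.path, leaked, parts.path + "?" + urlencode(redacted)


def audit_log(lines):
    """Audit every line and keep only the requests that leak data."""
    return [hit for hit in map(audit_line, lines) if hit]


# Constructed sample lines (hypothetical paths and values, not from webtrees).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2021:10:00:00 +0000] "GET /register?username=alice&email=alice%40example.org&lang=en HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2021:10:00:05 +0000] "POST /register HTTP/1.1" 302 0',
    '203.0.113.9 - - [05/Sep/2021:10:01:00 +0000] "GET /tree?page=2 HTTP/1.1" 200 900',
    '203.0.113.9 - - [05/Sep/2021:10:02:00 +0000] "GET /contact?reply=bob%40example.org HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for path, names, safe in audit_log(SAMPLE_LOG):
        print(f"{path}: {', '.join(names)} in query string -> {safe}")
```

The redacted target it returns can be written back when scrubbing existing logs, while the fix in the application is to carry these fields in a POST body or server-side session instead of the URL.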

Occurrences

We have contacted a member of the fisharebest/webtrees team and are waiting to hear back 2 years ago
Greg Roach validated this vulnerability 2 years ago
Melbin Mathew Antony has been awarded the disclosure bounty
The fix bounty is now up for grabs
Greg Roach marked this as fixed with commit ad5316 2 years ago
Greg Roach has been awarded the fix bounty
This vulnerability will not receive a CVE