The system sends sensitive information via URL parameters using the GET method. These parameters:
- are stored in clear text in the browser history.
- are sent to external sites via the Referer HTTP header.
- are sent to external sites via the search bar if the browser interprets the URL as a query.
- are visible to scripts running in the browser that may belong to third parties.
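
One way to check for this weakness from the server side, as an added example that is not part of the original page: scan access-log lines for GET requests whose query string carries sensitive parameters, and redact the values before a URL is stored. The parameter-name list, the log format (Common Log Format) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of sensitive parameters; adjust to the application under review.
SENSITIVE = {"password", "passwd", "token", "access_token", "api_key",
             "sessionid", "ssn", "card"}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def sensitive_params(target):
    """Return the sorted names of sensitive query parameters in a request target."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({name for name, _ in pairs if name.lower() in SENSITIVE})

def redact(target):
    """Replace sensitive parameter values so the URL can be logged safely."""
    parts = urlsplit(target)
    pairs = [(n, "REDACTED" if n.lower() in SENSITIVE else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(log_lines):
    """Return (line_number, path, param_names) for GET requests exposing sensitive data."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue  # only GET targets are in scope for this finding
        names = sensitive_params(match.group("target"))
        if names:
            findings.append((lineno, urlsplit(match.group("target")).path, names))
    return findings

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /search?q=shoes HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /reset?Token=abc123&next=%2Fhome HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for lineno, path, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: GET {path} exposes {', '.join(names)}")
```

Endpoints reported by the scan are candidates for moving the value into a POST body or a request header.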