DerScanner
Home / Vulnerability Database / Objective-C : Information leak via GET request
Objective-C

Objective-C : Information leak via GET request

Classification

OWASP Mobile Top 10 2014
M4-Unintended Data Leakage
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (e)(1)
CWE
CWE-598

Overview

The application uses a GET-request instead of a POST-request to transfer data to the server.

Using a GET-request means that the URL and the request parameters may be stored in the browser cache, the server cache, and the cache of intermediate proxy servers. This may lead to the data leak. An attacker can obtain information about the structure of the request and draw conclusions about the architecture of the application, the names of the database tables, and use this information for the attack.

References

  1. CWE-598: Information Exposure Through Query Strings in GET Request
  2. HTTP Methods: GET vs. POST - w3schools.com
  3. The Definitive Guide to GET vs POST - teamtreehouse.com
  4. OWASP Mobile Top 10 2016-M2-Insecure Data Storage
MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Information leak via GET request in your application?

See also

Objective-C

Objective-C : Internal information leak

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection