Cancel

Session hijacking -> Session Id In Url

By cyberkhalid

Posted 2022-01-01 1 min read

Session hijacking -> Session Id In Url

If you place a session token directly in the URL, it increases the risk of an attacker capturing and exploiting it. Anyone who follows that URL inherits the session. Therefore, session id should never be exposed in url.

bcl

As you can see, session id of a user was exposed in url.

References

https://www.acunetix.com/blog/web-security-zone/session-token-in-url-vulnerability/

WebApp And Api Pentesting, Session hijacking -> Session Id In Url

This post is licensed under CC BY 4.0 by the author.

Session hijacking -> Session Id In Url

Session hijacking -> Session Id In Url

References

Further Reading

XPATH Injection

DOM-based XSS

Reflected XSS