The application caches sensitive form fields. Form field data is cached during an HTTP POST request and can be replayed by clicking the browser’s Back or Refresh buttons. This will cause the browser to resubmit the POST request and resend the data. An attacker with local access to the browser can use this vulnerability to access the sensitive data.
An attacker with local access to a user’s machine is able to exploit this vulnerability by causing the browser to resubmit the form data. This information can be easily captured using a local proxy to intercept the traffic. If the form includes authentication information, the attacker can resubmit the request and login as the user. Once the attacker can impersonate the user, they can gain access to sensitive information and functions.
How To Test
Sample Report Screenshots
Time Saving Tips