Sensitive Data in Query String

  • CWE-598

Sensitive Data in Query String occurs when an application passes confidential information, such as passwords, session tokens, API keys, or personal data, within URL query parameters. Query strings are often recorded in web server logs, browser history, network devices, and analytics tools, potentially exposing sensitive information to unintended parties. This vulnerability is commonly found in GET requests, where input values are appended to the URL instead of being sent with secure POST methods or over encrypted channels.

Common patterns leading to sensitive data exposure:

  • Including passwords, authentication tokens, or API keys in URLs for login or API endpoints.
  • Passing personally identifiable information (PII) such as Social Security numbers, email addresses, or payment data in query strings.
  • Using GET methods for forms or actions that handle confidential data.
  • Failure to enforce HTTPS, allowing query strings to be intercepted in transit.
  • Lack of proper logging configuration, causing sensitive query strings to appear in server or proxy logs.

Impacts:

  • Information Exposure: Sensitive credentials or personal data can be captured by attackers from logs, browser history, or network monitoring.
  • Session Hijacking: Exposure of session tokens in URLs can allow attackers to impersonate users.
  • Regulatory Non-Compliance: Leakage of PII may violate GDPR, PCI DSS, or other data protection laws.
  • Phishing and Social Engineering: Exposed query strings can be used to craft targeted attacks against users.

Detection indicators:

  • URLs containing sensitive values (?password=, ?token=, ?ssn=) in GET requests.
  • Logs or browser history capturing confidential parameters.
  • Repeated use of query strings for login or sensitive transactions.

Remediation

Preventing sensitive data exposure in query strings requires secure handling of input and transmission:

  1. Use POST Instead of GET for Sensitive Data
    Transmit confidential information in the request body rather than the URL so that it is not recorded in server logs or browser history.

  2. Encrypt Sensitive Data in Transit
    Always use HTTPS/TLS to encrypt requests and responses.

  3. Avoid Including Secrets in URLs
    Do not pass passwords, tokens, API keys, or PII in query parameters. Use secure headers or session storage instead.

  4. Short-Lived Tokens
    If tokens must be transmitted in URLs (rare), ensure they expire quickly and are single-use.

  5. Secure Logging Practices
    Configure server, proxy, and analytics logs to avoid recording sensitive query strings.

  6. Input Validation and Encoding
    Sanitize user inputs and encode values appropriately to prevent injection or manipulation.

  7. User Education and Awareness
    Inform users not to share URLs containing sensitive information.

  8. Security Testing
    Include automated scans and penetration testing to detect sensitive data in query strings.
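
The detection indicators and the secure logging step above can be combined in one log filter. The following is an added example, not part of the original page: it flags requests whose query string carries a sensitive parameter and redacts the value before the line is stored. The parameter list, the Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of sensitive parameter names; extend it for your application.
SENSITIVE = {"password", "passwd", "token", "access_token", "api_key", "ssn", "sessionid"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def scrub_target(target):
    """Return (redacted_target, sorted sensitive parameter names found)."""
    parts = urlsplit(target)
    found, pairs = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:      # match names case-insensitively
            found.add(name.lower())
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []                  # leave clean URLs byte-for-byte intact
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)

def scrub_line(line):
    """Redact one access-log line; return (clean_line, finding or None)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, None
    target, names = scrub_target(m.group("target"))
    if not names:
        return line, None
    clean = line[:m.start("target")] + target + line[m.end("target"):]
    finding = {"method": m.group("method"), "path": urlsplit(target).path, "params": names}
    return clean, finding

def scan(lines):
    """Scrub every line; return (clean_lines, findings)."""
    results = [scrub_line(line) for line in lines]
    return [c for c, _ in results], [f for _, f in results if f]

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:15:09 +0000] "GET /api/orders?page=2&Token=abc123 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Mar/2024:10:16:40 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [12/Mar/2024:10:17:11 +0000] "GET /search?q=shoes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    clean_lines, findings = scan(SAMPLE)
    print("\n".join(clean_lines))
    print(findings)
```

Redaction at this stage only limits what the log retains; the findings list identifies the endpoints that still need to move the value out of the URL.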
