Back Refresh Attack Vulnerability on QualysGuard- Your browser’s back button can do more than you think !!

Hello Guys !! Hope the new year started good for you all. Continuing my previous statement of sometimes functionality leads to vulnerability..”, I am gonna start discussing this another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even you complete Credit Card details. Definitely there are scenarios and certain dependencies which we will go through in later in the post.

What Actually this vulnerability is !!

As you have already noticed the back and forward buttons of the browsers. These buttons simply navigate you to through the pages you have visited during your browsing history. So definitely browsers have the ability to maintain a recent record of pages that a users visits during the session. The back and forward button on browsers use this functionality to display the pages recently browsed.

In addition browsers also keep track of variables that were sent to server(Even by a POST Request) while you fetched any page.

These attractive feature enhances the user experience definitely but can be very harmful if the applications doesn’t handle it properly.