Tag Archives: Back Refresh Attack

Back Refresh Attack on QualysGuard - Your browser’s back button can do more than you think!!


Hello guys!! Hope the new year started well for you all.

Continuing my previous statement that "sometimes functionality leads to vulnerability..", I am gonna discuss another browser feature that can leak sensitive information such as your passwords and sometimes even your complete credit card details. There are certain scenarios and dependencies, which we will go through later in the post.

What it actually is!!

You have already noticed the back and forward buttons of the browser: these buttons simply navigate you through the pages you have visited in your browsing history. So browsers have the ability to maintain a recent record of the pages that were visited by a user, and the back and forward buttons use this functionality to display the recently browsed pages. In addition, browsers also keep track of the variables that were sent to the server (even by a POST request) when you fetched a page.

This attractive feature definitely enhances the user experience, but it can be very harmful if applications are insecurely written.
