That’s how much your private information is worth!!!

User Information Leakage in the Checkout Functionality

  1. After you purchase a product, during checkout, when you specify the shipping address, the web application sends a request to fetch the customer's address and other information.


The web request sent by the web application can be intercepted with Burp Suite.


The boxed area is the response sent by the server. The response contains user information such as name, mobile number and address.


Similarly, other users' information could easily be fetched by just changing the id parameter.



All of these users' information can be fetched by this simple Python script.

Download the Python script from here:

The password is Z00mbie

Running the script will give you the information related to every user present in the database.
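
The control missing from the checkout lookup is a server-side ownership check on the id parameter. The following is an added example, not code from the affected application or from this post: it puts a lookup that trusts the client-supplied id beside one that ties the record to the logged-in session. The table, record fields and function names are hypothetical, and the sample records are constructed.

```python
# Added illustration; ADDRESSES, Address and the get_address_* names are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Address:
    owner_id: int
    name: str
    mobile: str
    address: str

# Constructed sample data standing in for the customer table, keyed by id.
ADDRESSES = {
    101: Address(101, "Alice Example", "555-0101", "1 Sample Street"),
    102: Address(102, "Bob Example", "555-0102", "2 Sample Street"),
}

class NotFound(Exception):
    """Raised for both missing and non-owned records (maps to HTTP 404)."""

def get_address_vulnerable(requested_id: int) -> Address:
    # Flaw described in the post: the id from the request is trusted as-is,
    # so any valid id returns that customer's record.
    try:
        return ADDRESSES[requested_id]
    except KeyError:
        raise NotFound from None

def get_address_hardened(session_user_id: int, requested_id: int) -> Address:
    # The authenticated session, not the request parameter, decides
    # whose data may be returned.
    record = ADDRESSES.get(requested_id)
    if record is None or record.owner_id != session_user_id:
        # Same error for "absent" and "not yours", so responses do not
        # reveal which ids exist.
        raise NotFound
    return record

def can_read(handler, *args) -> bool:
    """Return True if the handler hands back a record for these arguments."""
    try:
        handler(*args)
        return True
    except NotFound:
        return False

if __name__ == "__main__":
    print("vulnerable, any caller reads id 102:", can_read(get_address_vulnerable, 102))
    print("hardened, user 101 reads id 102:", can_read(get_address_hardened, 101, 102))
    print("hardened, user 101 reads id 101:", can_read(get_address_hardened, 101, 101))
```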


I reported it to the company; this is how they responded:


At this age I can't handle this amount of money and fame, so I'm returning it.


Beware they don’t treat your information confidentially in terms of security.