That’s how much your private information is worth!!!

User Information Leakage in the Checkout Functionality

After purchasing a product, during checkout, when you specify the shipping address, the web application sends a request to look up the customer’s address and other information.


The web request sent by the web application can be intercepted with Burp Suite.


The boxed area is the response sent by the server. The response contains user information such as name, mobile number and address.


Similarly, other users’ information could easily be fetched by just changing the id parameter.
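The missing check behind this behaviour, as an added example that is not the application's own code (the handler names, session store and customer records are constructed for illustration): the first handler returns whatever record the id parameter names, while the second ties the lookup to the authenticated session.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Customer:
    id: int
    name: str
    mobile: str
    address: str

# Constructed sample records standing in for the shop's customer table.
CUSTOMERS = {
    101: Customer(101, "Alice Example", "555-0101", "1 Sample Street"),
    102: Customer(102, "Bob Example", "555-0102", "2 Sample Avenue"),
}
# Constructed session store: session token -> authenticated customer id.
SESSIONS = {"session-alice": 101, "session-bob": 102}

class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""

def get_address_vulnerable(session_token, requested_id):
    # Checks only that the caller is logged in, then trusts the id parameter.
    if session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    return asdict(CUSTOMERS[requested_id])

def get_address_hardened(session_token, requested_id):
    owner_id = SESSIONS.get(session_token)
    if owner_id is None:
        raise Forbidden("not authenticated")
    # Authorization: the record must belong to the session's own customer.
    # "Not yours" and "does not exist" fail identically, so ids cannot be probed.
    if requested_id != owner_id or requested_id not in CUSTOMERS:
        raise Forbidden("not authorized")
    return asdict(CUSTOMERS[owner_id])

def is_allowed(handler, session_token, requested_id):
    """True if the handler returns the record, False if it refuses."""
    try:
        handler(session_token, requested_id)
        return True
    except Forbidden:
        return False

if __name__ == "__main__":
    for handler in (get_address_vulnerable, get_address_hardened):
        print(handler.__name__, is_allowed(handler, "session-alice", 102))
```
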


All of these users’ information can be fetched by this simple Python script.

Download the Python script from here: https://filehost.net/2a1c7542c4f6b694

The password is Z00mbie

Running the script will give you the information related to every user present in the database.


I reported this to the company, and that is how they responded back.

At this age I can’t handle this amount of money and fame, so I’m returning it.


Beware: they don’t treat your information confidentially in terms of security.