User Information Leakage in the Checkout Functionality
- After purchasing a product, during checkout, when the shipping address is specified, your web application sends a request to fetch the customer's address and other information.
The web request sent by the web application can be intercepted with Burp Suite.
The squared box area is the response sent by the server. The response contains user information such as name, mobile number and address.
Similarly, other users' information could easily be fetched just by changing the id parameter.
All of these users' information can be fetched with this simple Python script.
Download the python script from here: https://filehost.net/2a1c7542c4f6b694
The password is Z00mbie
Running the script will give you the information related to every user present in the database.
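The server-side check whose absence would produce the behaviour described above, together with a simple enumeration alarm, as an added example that is not part of the original post or the company's code. It assumes the endpoint selects the record by the id parameter alone; the record schema, `AddressService`, its methods and the threshold are hypothetical, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records keyed by customer id (hypothetical schema).
ADDRESSES = {
    101: {"owner": "alice", "name": "Alice A.", "mobile": "555-0101", "address": "1 Example St"},
    102: {"owner": "bob", "name": "Bob B.", "mobile": "555-0102", "address": "2 Example Ave"},
    103: {"owner": "carol", "name": "Carol C.", "mobile": "555-0103", "address": "3 Example Rd"},
}
FIELDS = ("name", "mobile", "address")
ENUMERATION_THRESHOLD = 2  # distinct foreign ids before a session is flagged (assumed value)


class AddressService:
    def __init__(self, records):
        self.records = records
        self.denied = defaultdict(set)  # session user -> other users' ids requested

    def lookup_vulnerable(self, session_user, customer_id):
        """Assumed flaw: the id alone selects the record, the session is ignored."""
        rec = self.records.get(customer_id)
        return (200, {f: rec[f] for f in FIELDS}) if rec else (404, None)

    def lookup_hardened(self, session_user, customer_id):
        """Return the record only when it belongs to the authenticated session."""
        rec = self.records.get(customer_id)
        if rec is not None and rec["owner"] == session_user:
            return 200, {f: rec[f] for f in FIELDS}
        if rec is not None:
            self.denied[session_user].add(customer_id)  # keep for alerting
        # Same answer for "missing" and "not yours", so ids cannot be probed.
        return 404, None

    def flagged_sessions(self):
        """Sessions that asked for several records owned by other users."""
        return sorted(u for u, ids in self.denied.items()
                      if len(ids) >= ENUMERATION_THRESHOLD)


if __name__ == "__main__":
    svc = AddressService(ADDRESSES)
    print(svc.lookup_vulnerable("alice", 102))  # another user's data is returned
    print(svc.lookup_hardened("alice", 101))    # own record is returned
    for cid in (102, 103):
        print(svc.lookup_hardened("alice", cid))  # denied and recorded
    print(svc.flagged_sessions())
```
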
I reported it to the company; this is how they responded back.
At this age I can't handle this amount of money and fame, so I'm returning it.
Beware: they don't treat your information confidentially in terms of security.