
Ali Express Vulnerability Disclose Millions Users Information

One of the most popular e-commerce websites, AliExpress, which is owned by suffers from a simple but critical user information disclosure vulnerability. The vulnerability is critical because it can expose any user's information without the attacker having the victim's account password.

The site, which has 300 million active users from almost all over the world, suffers from an information disclosure vulnerability that puts millions of users' information at risk.

Israeli application security researcher Amitay Dan discovered the critical vulnerability in AliExpress. The researcher reported the flaw to AliExpress and also provided full disclosure of the vulnerability to Israeli media and THN.

For a better explanation of the bug, Amitay has provided a video demonstration of the vulnerability which explains the details of the flaw.

According to the video proof-of-concept of the flaw, AliExpress allows a logged-in user to add/update their shipping address and contact number at the following URL, i.e.
and here 123456 is the user ID. Researcher Amitay changed the value of the mailingAddressId parameter to random digits, and this manipulation of the user ID leads to exposure of the user's information.

The AliExpress site failed to validate that the requested record belonged to the logged-in user, and thus showed the respective user's details on the same page. This was simple but very critical, as an attacker could grab the personal information of millions of users just by changing the user ID.
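The missing check described above, as an added illustration that is not AliExpress code: an address lookup keyed by `mailingAddressId` alone, beside the fixed version that scopes the lookup to the session's user, plus a log-side check that flags sessions touching many distinct address IDs. The record layout, the session/log format and the sample data are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class MailingAddress:
    address_id: int
    owner_id: int  # the account that saved this address
    name: str
    street: str
    phone: str


# Constructed sample data: two accounts, each with one saved address.
ADDRESSES = {
    123456: MailingAddress(123456, owner_id=1, name="Alice", street="1 Main St", phone="+1-555-0100"),
    123457: MailingAddress(123457, owner_id=2, name="Bob", street="2 High St", phone="+1-555-0101"),
}


class NotFound(Exception):
    pass


def get_address_vulnerable(session_user_id: int, mailing_address_id: int) -> MailingAddress:
    """Looks the record up by id only: any logged-in user can read any address (IDOR)."""
    rec = ADDRESSES.get(mailing_address_id)
    if rec is None:
        raise NotFound
    return rec


def get_address_fixed(session_user_id: int, mailing_address_id: int) -> MailingAddress:
    """Scopes the lookup to the authenticated user; 'not yours' and 'does not exist' look identical."""
    rec = ADDRESSES.get(mailing_address_id)
    if rec is None or rec.owner_id != session_user_id:
        raise NotFound  # one response for both cases, so the id space cannot be probed
    return rec


def read_name(fn, session_user_id: int, mailing_address_id: int) -> str:
    """Helper for demonstrating both handlers: returns the name, or 'denied'."""
    try:
        return fn(session_user_id, mailing_address_id).name
    except NotFound:
        return "denied"


def flag_enumeration(log_lines, threshold: int = 3):
    """Detection: sessions that request more than `threshold` distinct mailingAddressId values."""
    seen = defaultdict(set)
    for line in log_lines:  # constructed format: "<session> GET <path>"
        session, _, path = line.split()
        m = re.search(r"mailingAddressId=(\d+)", path)
        if m:
            seen[session].add(int(m.group(1)))
    return sorted(s for s, ids in seen.items() if len(ids) > threshold)
```

In the fixed handler the ownership check is part of the lookup itself, so there is no code path that returns a record before the check runs.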
