Ali Express Vulnerability Discloses Millions of Users' Information
A site with 300 million active users from almost all over the world suffers from an information disclosure vulnerability that puts millions of users' information at risk.
Israeli application security researcher Amitay Dan discovered the critical vulnerability in Ali Express. The researcher reported the flaw to Ali Express and also provided full disclosure of the vulnerability to the Israeli media and THN.
To explain the bug, Amitay provided a video demonstration of the vulnerability that walks through the details of the flaw.
According to the video proof of concept of the flaw, Ali Express allows a logged-in user to add or update their shipping address and contact number at the following URL: http://trade.aliexpress.com/mailingaddress/mailingAddress.htm?mailingAddressId=123456
Here 123456 is the user ID. Researcher Amitay changed the value of the mailingAddressId parameter to random digits, and this manipulation of the user ID exposed other users' information.
Ali Express failed to validate the request and therefore displayed the respective user's details on the same page. The bug was simple but very critical, as an attacker could grab the personal information of millions of users just by changing the user ID.
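The bug described above is an insecure direct object reference: the server trusts the ID in the URL and never checks that the address belongs to the logged-in account. The following added example (not Ali Express's code; the data store, user IDs and the "denied lookups per session" threshold are constructed for illustration) shows a handler with that defect next to one that authorizes against the session, and a small check a defender can run over denied lookups to spot an account walking through IDs.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class MailingAddress:
    address_id: int
    owner_id: int          # account that created the address
    recipient: str
    phone: str

# Constructed sample store; ids are sequential like the numeric
# mailingAddressId in the URL quoted in the article.
ADDRESSES = {
    123456: MailingAddress(123456, owner_id=1, recipient="A. Example", phone="+1-555-0100"),
    123457: MailingAddress(123457, owner_id=2, recipient="B. Example", phone="+1-555-0101"),
}

class NotFound(Exception):
    """Raised for both 'no such id' and 'not yours', so the response does not
    reveal whether another user's address id exists."""

def vulnerable_lookup(session_user_id: int, address_id: int) -> MailingAddress:
    # Defect class from the article: only the id from the request is used, so
    # any logged-in user can read any other user's address by changing it.
    return ADDRESSES[address_id]

def safe_lookup(session_user_id: int, address_id: int) -> MailingAddress:
    # Fix: the authenticated session, not the URL, decides what may be read.
    addr = ADDRESSES.get(address_id)
    if addr is None or addr.owner_id != session_user_id:
        raise NotFound(address_id)
    return addr

def lookup_status(session_user_id: int, address_id: int) -> str:
    """Outcome of the hardened handler as a string: 'ok' or 'denied'."""
    try:
        safe_lookup(session_user_id, address_id)
        return "ok"
    except NotFound:
        return "denied"

def sessions_to_review(denied_events: list[tuple[int, int]], threshold: int = 3) -> list[int]:
    """Given (session_user_id, address_id) pairs that were denied, return the
    sessions that hit the threshold; a real user rarely requests several
    addresses that are not theirs."""
    counts = Counter(user for user, _ in denied_events)
    return sorted(user for user, n in counts.items() if n >= threshold)
```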