You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a customer visits Cezerin, two signed cookies are set : landing_url and referrer_url.
The referrer_url cookie is set (signed) with the value of the Referer header but its missing validation, so any value will be set.
Now that we have a valid signed order_id cookie, if we import that cookie in the browser , we will get access to the customers cart , with all its details and you can also perform an attack on the objectId , listing carts that contain customer data ;
sample output on GET https://plusha.cezerin.net/ajax/cart
When a customer visits Cezerin, two signed cookies are set :
landing_url
andreferrer_url
.The
referrer_url
cookie is set (signed) with the value of the Referer header but its missing validation, so any value will be set.script :
save the above file as
cookie.js
and execute it like so :node cookie.js 62b9728e9352df6441630054
The script will output something like this :
Now that we have a valid signed order_id cookie, if we import that cookie in the browser , we will get access to the customers cart , with all its details and you can also perform an attack on the objectId , listing carts that contain customer data ;
sample output on GET
https://plusha.cezerin.net/ajax/cart
The
referrer_url
value should be validated before being set.The text was updated successfully, but these errors were encountered: