How I found read/write access to the personal data of 3 million users of an E-commerce website?

First things come First

What did I do?

GET /checkout/adv/address/view HTTP/1.1

Final response
PII data extracted from the response
Address section

Cybersecurity researcher | Pentester
