Article Per Year (5 Year)
p-Index From 2020 - 2025
0.23
P-Index
This Author published in this journals
All Journal Teika
Ahmad Ray Septa Firdaus
Universitas Singaperbangsa Karawang
Computer Science & IT Control & Systems Engineering Decision Sciences, Operations Research & Management Languange, Linguistic, Communication & Media

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Memanfaatkan Kerentanan Broken Access Control pada Website Orami untuk Membatalkan Pesanan dan Meniru Identitas Pengguna Ahmad Ray Septa Firdaus; Apriade Voutama
TeIKa Vol 13 No 02 (2023): TeIKa: Oktober 2023
Publisher : Fakultas Teknologi Informasi - Universitas Advent Indonesia

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.36342/teika.v13i02.3113

Abstract

Orami is an e-commerce website that provides products for babies, children, and pregnant women. This research discusses a vulnerability in the Orami website that allows an attacker to cancel orders from another user's account and impersonate their identity. The potential impact of exploiting this vulnerability could lead to a loss of user trust in the Orami site, especially if it is widely abused. Additionally, financial losses could occur if many orders are canceled fraudulently and users choose to purchase from other sites deemed more secure. The vulnerability was exploited by obtaining the victim's order code through the order history feature and then modifying the parameter value in the cancellation order feature on the attacker's account. This research includes vulnerability analysis, impact evaluation, solution identification, vulnerability reporting, and solution implementation. The results of the study show that the Orami website is vulnerable to Broken Access Control attacks and the website developers has fixed the vulnerability.
Co-Authors Apriade Voutama