Teika
Vol 13 No 02 (2023): TeIKa: Oktober 2023

Exploiting a Broken Access Control Vulnerability on the Orami Website to Cancel Orders and Impersonate Users

Ahmad Ray Septa Firdaus (Universitas Singaperbangsa Karawang)
Apriade Voutama (Universitas Singaperbangsa Karawang)



Article Info

Publish Date
31 Oct 2023

Abstract

Orami is an e-commerce website that provides products for babies, children, and pregnant women. This research discusses a vulnerability in the Orami website that allows an attacker to cancel orders belonging to another user's account and impersonate that user's identity. Exploitation of this vulnerability could lead to a loss of user trust in the Orami site, especially if it is widely abused. Additionally, financial losses could occur if many orders are canceled fraudulently and users choose to purchase from other sites deemed more secure. The vulnerability was exploited by obtaining the victim's order code through the order history feature and then modifying the parameter value in the order cancellation feature on the attacker's account. This research includes vulnerability analysis, impact evaluation, solution identification, vulnerability reporting, and solution implementation. The results of the study show that the Orami website is vulnerable to Broken Access Control attacks and that the website developers have fixed the vulnerability.

Copyrights © 2023






Journal Info

Abbrev

teika

Publisher

Subject

Computer Science & IT; Control & Systems Engineering; Decision Sciences, Operations Research & Management; Language, Linguistic, Communication & Media

Description

TeIKa (Teknologi Informasi dan Komunikasi) Journal invites scholars, researchers, and students to contribute the results of their studies and research in areas related to Information and Communication Technology, which covers Information System, Computer Networks, Computer Security, ...