- Insecure super admin APIs on Dava India Pharmacy’s website made it possible to create a high-privileged super admin account.
- Super admins had complete control over the entire website and pharmacy backend, including access to:
- 883 stores
- Nearly 17,000 orders (customer information included)
- Edit more than 1,500 products, including the ability to change price and remove prescription requirements
- Create coupons, such as 100% off
- Change aspects of the website, like the YouTube videos displayed
🤗