Hi everyone, so after a long time I am publishing one of my recent findings on Coolwinks (PS: they don't have a bug bounty program).
While placing an order I noticed that if your payment fails, an automated email is sent to your registered email address. It contains a link which, when clicked, automatically logs you into your account. So I checked the link to find out which parameter is responsible for the auto-login.
The URL looks like this:
https://www.coolwinks.com/checkout?utm_source=automailer&utm_medium=mail&xmzfd=dmljdGltQGdtYWlsLmNvbQ==
As you can see, the parameter xmzfd holds a Base64 value.
OK, let's decode the value of xmzfd:
Base64 Decode of dmljdGltQGdtYWlsLmNvbQ== is victim@gmail.com
So simply encode any registered user's email address to Base64, replace the value of xmzfd with the encoded value, open the link in a browser, and boom, you are logged into that user's account.
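The root cause is that Base64 is an encoding, not a credential: the link "proves" nothing except that the sender knows an email address. The script below is an added example (not from the original post or from Coolwinks) that reproduces the weak link construction, decodes an existing xmzfd value, and sets it beside a hardened login-link design: a random, single-use, short-lived token stored server-side and bound to the account. The parameter name lt, the LoginLinkService class and its in-memory store are assumptions made for the example; only the checkout URL, the utm parameters and xmzfd come from the post.

```python
import base64
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

CHECKOUT = "https://www.coolwinks.com/checkout"  # endpoint from the post
MAIL_PARAMS = {"utm_source": "automailer", "utm_medium": "mail"}


def decode_xmzfd(url: str) -> str:
    """Recover the e-mail carried by the vulnerable xmzfd parameter."""
    query = parse_qs(urlsplit(url).query)
    return base64.b64decode(query["xmzfd"][0]).decode()


def forge_weak_link(email: str) -> str:
    """Reproduce the broken scheme: the 'token' is nothing but base64(email),
    so anyone who knows a registered address can mint a login link for it."""
    token = base64.b64encode(email.encode()).decode()
    return CHECKOUT + "?" + urlencode({**MAIL_PARAMS, "xmzfd": token})


class LoginLinkService:
    """Hardened replacement (assumed design, not what the site shipped):
    the link carries a random, single-use, short-lived token that only the
    server can map back to an account. The 'lt' parameter name and the
    in-memory dict standing in for a database table are assumptions."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        # sha256(token) -> (email, expiry); constructed stand-in for persistent storage
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash so a leaked table cannot be replayed as live links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str, now: Optional[float] = None) -> str:
        """Mint a login link for `email`; `now` is injectable for testing."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits: unguessable, unlike base64(email)
        self._pending[self._key(token)] = (email, now + self.ttl)
        return CHECKOUT + "?" + urlencode({**MAIL_PARAMS, "lt": token})

    def redeem(self, url: str, now: Optional[float] = None) -> Optional[str]:
        """Return the e-mail to log in, or None if the link is missing,
        unknown, already used or expired. The token is consumed either way."""
        now = time.time() if now is None else now
        token = parse_qs(urlsplit(url).query).get("lt", [None])[0]
        if token is None:
            return None
        record = self._pending.pop(self._key(token), None)  # single use
        if record is None:
            return None
        email, expiry = record
        return email if now <= expiry else None


if __name__ == "__main__":
    weak = forge_weak_link("victim@gmail.com")  # constructed sample address
    print(weak, "->", decode_xmzfd(weak))
    svc = LoginLinkService(ttl_seconds=900)
    link = svc.issue("victim@gmail.com")
    print(svc.redeem(link))  # the e-mail on first use
    print(svc.redeem(link))  # None: replay refused
```

A stateless variant (HMAC-signing email plus expiry with a server-side key) also stops forgery, but it cannot make a link single-use, so the stored random token is the safer default for anything that grants a session. Whichever design is used, the decisive check is that nothing derivable from public information, such as an email address, is accepted as proof of identity.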
Here is the video proof of concept:
Status: Fixed
Thanks for reading