Why Is It Big?

Pepperfry has raised over Rs 1,200 crore (about $163 mn) since its inception 6 years ago. (Source: Economic Times)

More than 1 million users have installed Pepperfry through the Google Play Store.

Hackers and telemarketers can mine Pepperfry's data by running an automated script against a phone number dump found online.

These 1 million users are at risk of having their information leaked on the web.

How Do I Reproduce The Flaw?

Update: The flaw has been fixed and acknowledged by Pepperfry, and covered by Moneycontrol.

– I have created an automated script that will log in to the account and display the user information.

Email of PepperFry Account:


==============================

Another Script Allows You To Change The First Name & Last Name of Any Account on PepperFry:

Using our flaw, I’ve created a script which allows you to change the first name and last name of any account on Pepperfry.

You need to enter the email ID of your Pepperfry account and the new first name and last name for the user account.

Email of PepperFry Account:
New First Name:
New Last Name:


==============================
Ehraz Ahmed
