Online greeting card company Moonpig has taken offline an API that bypassed all authentication and allowed an attacker to place orders on other customers' accounts. According to research by Paul Price, the flaw allows an attacker to easily place orders on other customers' accounts, add/retrieve card information, view saved addresses, view orders and much more. He also said that every API request is like this, and if you hit the API endpoint with...