How I could get other users' DTH data, including mobile numbers, email addresses, postal addresses, IP addresses and more
The vulnerable DTH app has a field to enter a SMART CARD NUMBER to recharge without logging into the customer's account. This functionality prompted me to test how other customers' data is handled.
But how?!
I started by testing the OTP functionality on the vulnerable web app. Rate limiting restricts OTP validation attempts, so I decided to look at each and every piece of functionality. First, I viewed the page source. This time I found that the front-end developers had made a mistake by leaving other customers' data in HTML comments.
This confirmed that the web app has vulnerabilities.
Findings
I found the vulnerable endpoint to be \ForgotPassword. Here the developers made a big mistake by exposing the customer's mobile number.
Using OSINT techniques, I verified that the mobile number belongs to that person.
From there I got his/her Gmail address and more information about that customer.
I then came back to the vulnerable endpoint to test it with other customers' data, enumerating other customers' smart card numbers.
These are the fields the vulnerable app exposes: CUST_SMARTCARD, CUST_TYPE, CUST_FNAME, CUST_ADDRESS, CUST_CITY, CUST_STATE, CUST_ZIP, CUST_MAIL, CUST_RMN (mobile number), CUST_EXP, CUST_BAL, CUST_PLAN, CUST_PLAN_AMOUNT, CUST_PLAN_MONTH, SMC, Package_ID, Package_Name.
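To make the defect concrete, here is an added example (not code from the original post or from the DTH app) of a forgot-password lookup in the leaky shape described above beside a hardened version. The customer records, the `client_id` parameter and the five-attempt budget are constructed assumptions for illustration.

```python
"""Leaky vs. hardened 'forgot password' lookup keyed by smart card number.
Added example; records, field values and the attempt budget are constructed."""
from collections import defaultdict

# Constructed sample records with fake values; field names follow the post.
CUSTOMERS = {
    "1234567890": {
        "CUST_FNAME": "Asha",
        "CUST_RMN": "9876543210",
        "CUST_MAIL": "asha@example.com",
        "CUST_ADDRESS": "12 Example Road",
    },
}


def forgot_password_leaky(smartcard: str) -> dict:
    """The shape the post describes: an unauthenticated lookup that echoes the
    whole customer record, so enumerating smart card numbers harvests
    CUST_RMN, CUST_MAIL, CUST_ADDRESS and the rest."""
    rec = CUSTOMERS.get(smartcard)
    return {"found": rec is not None, **(rec or {})}


_attempts: dict = defaultdict(int)
MAX_ATTEMPTS = 5  # assumed per-client budget before the endpoint refuses


def forgot_password_hardened(smartcard: str, client_id: str) -> dict:
    """Same lookup with three changes: the response is identical whether or
    not the card exists, no customer field is echoed back (the OTP goes out of
    band to the registered mobile), and a per-client attempt budget makes
    bulk enumeration expensive and visible in logs."""
    _attempts[client_id] += 1
    if _attempts[client_id] > MAX_ATTEMPTS:
        return {"status": "rate_limited"}
    rec = CUSTOMERS.get(smartcard)
    if rec is not None:
        pass  # send_otp(rec["CUST_RMN"]) would happen here; nothing is returned
    # Generic message so the response does not confirm whether a card exists.
    return {
        "status": "ok",
        "message": "If the smart card is registered, an OTP has been sent.",
    }
```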
I reported this vulnerability responsibly to the department concerned more than 4 months ago. I have not received any reply from them; it seems they do not care that customers' private data is about to be breached.