How can I get other users DTH data includings mobile numbers, email address, address, ip address and many more

DTH vulnerable app has a field to enter SMART CARD NUMBER to recharge without login into customer's account. This functionality lures me to do test on various customers data.

But How?!

I have started testing with OTP functionality on vulnerable web app. There is restriction on rate limiting to validate OTP. Then I decided to look each and every functionality. At first, I tried to see view page source. This time I found that front end developers made some mistake by commenting other customers data.

I have confirmed that there is vulnerabilities in this webapp.

Findings

I, found vulnerable endpoint is \ForgotPassword. Here the developers made a big mistake by exposing customer's mobile number.

By using OSINT techniques, verified that mobile number is belongs to that person.

From here I got his/her gmail address and got more information about that customer.

Again I came back to vulnerable endpoint to test it on other customers data. I tried to enumerate with other customers smart card numbers.

These are the fields that vulnerable app has CUST_SMARTCARD, CUST_TYPE, CUST_FNAME, CUST_ADDRESS,CUST_CITY,CUST_STATE,CUST_ZIP,CUST_MAIL,CUST_RMN(Mobile Numbers), CUST_EXP, CUST_BAL, CUST_PLAN, CUST_PLAN_AMOUNT, CUST_PLAN_MONTH, SMC,Package_ID,Package_Name

I have reported this vulnerability ethically to that concerned department more than 4 months ago. I didn't get any reply from them, seems like they didn't care about customer's privacy data about to breach.