Razer: Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking

2020-01-17T11:15:47
ID H1:776877
Type hackerone
Reporter nnez
Modified 2020-03-24T21:04:35

Description

The tester discovered a Razer Gold Thailand server was vulnerable to information disclosure due to the use of a predicable reference ID in application URLs which could lead to the ability obtain phone numbers. Razer thanks the tester for his clear report.