Razer: IDOR in eform.molpay.com leads to see other users application forms with private data

The tester discovered an IDOR which could allow an adversary to view the application form data of another user’s application form given knowledge of the application ID. He worked with Triage to provide a working PoC. Razer Fintech appreciates the report to help keep customer data secure.