Mail.ru: [api-site.city-mobil.ru] Improper access control leads to information disclosure (bypass of #977597 fix)
Authorization for the api-site.city-mobil.ru endpoint was not properly checked, allowing an attacker to obtain data about arbitrary corporate.city-mobil.ru orders and users. Found a way to bypass a bad fix for #977597. The new scenario for exploiting the issue involves more steps. An attacker needs to...