Vulnerability that allows you to download the invoices of any phone number registered at Movistar. It was found using mitmproxy on the mobile Android app, and is the result of a faulty Oauth authentication implementation.

Continue reading...