*** This does not work anymore. Etisalat guys have fixed this security hole within 24hrs since I released this! Impressive! So kudos to them :) And cheers to anyone who got lucky and had fun while it lasted ;) ***
Suddenly my Etisalat data package stopped working so I logged in using my other Airtel connection to check what's wrong. After bit of Googling, found this official portal which lets you view your current and previous bills. While on it, it appeared that their portal is easily vulnerable to exploit. Although you need authentication to view the bills, but once you know the bill URL and get the hang of how they are classified, getting the customer data out is a piece of cake!
After checking few bills of random users, I thought of writing a utility which can be used to check the outstanding bill amount when a customer number is given. Customer number is printed as 'Customer No' in your actual bill. You can download the application here. You can use it to view your previous bills too. But the best part is you can check details of other random users. Just for the kicks, I decided to reveal their name, address, post pay plan and the actual phone number. So have fun while it lasts ;)
The application has a simple interface. You will have to enter your customer number and choose the month and year of the bill which you want to see. When you click 'Get Bill Details' button, it will get busy for a while and display details if available. Check out the screenshot.
Do try out the app and comment if you need any improvements to be added in the later versions. Also comment if there are any bugs. Enjoy!
Application Download Link: http://www.mediafire.com/?vq0zp3tdjn7746h