Lucene search

K
hackeroneBasant0x01H1:1082288
HistoryJan 20, 2021 - 2:22 p.m.

Kartpay: Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover.

2021-01-2014:22:22
basant0x01
hackerone.com
20

The System Encryption for the merchant registration was revealing the details which can be further exploitable for the Registration of the merchant. After sharing the details by the @bugera it was fixed by the team.