2 matches found
Kartpay: Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover.
The System Encryption for the merchant registration was revealing the details which can be further exploitable for the Registration of the merchant. After sharing the details by the @bugera it was fixed by the team...
Kartpay: URl redirection
In the following post HTTP request while registering for merchant POST /register HTTP/1.1 Host: merchant.kartpay.com User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:67.0 Gecko/20100101 Firefox/67.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...