Cracking Encrypted Credit Card Numbers Exposed By API
6 min read · Jun 22, 2021
I found an API that exposed encrypted credit card numbers. Here’s how I cracked them to reveal the full card details.
While hacking on a private bug bounty program, I found a GraphQL endpoint that exposed way more information about logged-in users than it should have done. By playing with the ‘about me’ GraphQL API request I was able to guess and retrieve all the logged-in…