How i was able to bypass a Pin code Protection

Info about the target

it’s a financial company that provides virtual and physical cards

full story

so I after some recon and understanding the target well I found a function for creating the virtual and the physical card and I found that’s when you create a virtual card you can read card details without any other steps

request

Recap

so basically bypass the PIN code protection by using the virtual card activate request in the physical card by replacing the card uuid!

Tips for Pentester

always read js files and analyze it.
and literally, click on every button/ function you can find and read the requests and think what you can do with this, this is how you can build a hacker mindset :)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kerolos sameh (xko2x)

Kerolos sameh (xko2x)

I’m a 17 y.o Bug hunter || Security Researcher at Hackerone