shesha sai_c
Sep 10, 2019


Hello fellow hunters, today I'm going to share a simple bug from which I made a bounty of $500.

This is a private website, so let's call it redacted.com, and the method is called carding. With no delay, let's begin.

So this vulnerability was first reported on March 1, 2019. To be honest, this is the first bug that I found.

I was searching redacted.com all over the place for some high-impact vulnerabilities. Luckily, I found a vulnerability in the payment gateway transaction, where it is not validating whether the card is valid or invalid; it takes the CC details, accepts the card, and orders the product.

So let's see how we can reproduce this.

I used ke1checker as the checker and ke1generator for generating CCs (credit cards), and selected a random one from those which are live, not dead and not unknown.

Now I added products to the cart and proceeded to checkout. In the payment section, in the credit card field, I gave some random CC, and it accepted the card and ordered the products. They were delivered to me, and I reported it ethically, sent all the products back, and got rewarded on April 15, 2019.

Thanks for reading.

Happy hunting.
