Comment by pmonalm

3 months ago

    POST https://auth.puregym.com/connect/token
    grant_type=password&username={EMAIL}&password={PIN}&scope=pgcapi offline_access
    Authorization: Basic cm8uY2xpZW50Og==

Looks like it could be feasible to brute force some PINs using this API. Assuming it's not rate-limited, an average of 50,000,000 API calls isn't that many.
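The comment's estimate depends on the token endpoint not being rate-limited. As an added example (not part of the comment, and not PureGym's code), here is a per-account failed-login throttle with exponential lockout, plus a calculation of how long the 50,000,000 guesses would take against it. `PinThrottle`, `days_for_guesses`, the thresholds and the sample username are all hypothetical.

```python
class PinThrottle:
    """Per-account failed-login throttle with exponential lockout (hypothetical helper)."""

    def __init__(self, free_failures=5, base_lock_s=30, max_lock_s=3600):
        self.free_failures = free_failures  # failures tolerated before any lockout
        self.base_lock_s = base_lock_s      # first lockout duration, in seconds
        self.max_lock_s = max_lock_s        # ceiling for a single lockout
        self._state = {}                    # username -> (consecutive failures, locked_until)

    def allowed(self, username, now):
        """Check before validating credentials; reject the request if this is False."""
        return now >= self._state.get(username.lower(), (0, 0.0))[1]

    def record(self, username, success, now):
        """Record the outcome of one attempt; return the lockout applied, in seconds."""
        key = username.lower()
        if success:
            self._state.pop(key, None)      # a correct PIN resets the counter
            return 0.0
        failures = self._state.get(key, (0, 0.0))[0] + 1
        over = failures - self.free_failures
        lock = 0.0
        if over > 0:
            # Double the lockout on every failure past the free allowance, up to the cap.
            lock = min(self.base_lock_s * 2 ** min(over - 1, 20), self.max_lock_s)
        self._state[key] = (failures, now + lock)
        return lock


def days_for_guesses(throttle, guesses):
    """Days needed for `guesses` consecutive wrong PINs against one account,
    assuming the client waits out every lockout and sends the next attempt at once."""
    now, made = 0.0, 0
    while made < guesses:
        lock = throttle.record("constructed@example.com", False, now)
        made += 1
        now += lock
        if lock >= throttle.max_lock_s:
            # Every later attempt costs the capped lockout, so skip the loop.
            now += (guesses - made) * throttle.max_lock_s
            break
    return now / 86400


if __name__ == "__main__":
    # 50,000,000 is the average number of calls quoted in the comment.
    print(f"{days_for_guesses(PinThrottle(), 50_000_000):,.0f} days")
```

State here is in-memory and keyed by username only; a deployed limiter would need shared storage and a per-client limit as well.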