Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by pmonalm

3 months ago 

    POST https://auth.puregym.com/connect/token
    grant_type=password&username={EMAIL}&password={PIN}&scope=pgcapi offline_access
    Authorization: Basic cm8uY2xpZW50Og==

Looks like it could be feasible to brute force some PINs using this API. Assuming it's not rate-limited, an average of 50,000,000 API calls isn't that many.

0 comments

pmonalm

Reply

No comments yet

Contribute on Hacker News ↗

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities