
Intro

This vulnerability can be used on all apps that use RevenueCat subscription verification. All code here is written in JavaScript.

Entitlements bug

This vulnerability is based on getting the entitlements from the server, for example:

// $request and $httpClient are globals of the proxy-script environment this snippet runs in
const params = {
  url: "https://api.revenuecat.com/v1/product_entitlement_mapping",
  timeout: 5000,
  headers: $request.headers
}

// strip the ETag header before replaying the request
delete params["headers"]["x-revenuecat-etag"]

// err() and mapping() are handlers defined elsewhere in the script (not shown in the post)
$httpClient.get(params, function(errormsg, response, data) {
  if (errormsg) {
    err(errormsg)
  }
  else {
    mapping(data)
  }
})


SSL pinning

SSL pinning is a mechanism to stop sending the response if traffic is being captured.

Recommendation: add SSL pinning to all app requests

Hi, thank you for sharing this with us. We only accept vulnerability submissions via HackerOne: https://www.hackerone.com

If you submit a support ticket and share your HackerOne username or email address, we can invite you to the program in order to submit your vulnerability for review by our engineering team: https://app.revenuecat.com/settings/support