Intro
This vulnerable can be used on all app uses revenuecat subscriptions verification. All code here wrote on JavaScript
Entitlement’s bug
This vulnerable based on getting entitlement’s s from server, example
const params = {
url: "https://api.revenuecat.com/v1/product_entitlement_mapping",
timeout: 5000,
headers: $request.headers
}
delete paramsa"headers"]e"x-revenuecat-etag"]
$httpClient.get(params, function(errormsg, response, data) {
if(errormsg) {
err(errormsg)
}
else{
mapping(data)
}
})
SSL pinning
SSL pinning is mechanism to stop sending response if traffic was capturing .
Recommendation: add SSL pinning to all app requests