Solved

revenuecat entitlement’s vulnerability

  • 14 April 2024
  • 1 reply
  • 52 views

Badge

Intro

This vulnerable can be used on all app uses revenuecat subscriptions verification.  All code here wrote on JavaScript

Entitlement’s bug

This vulnerable based on getting entitlement’s s from server, example

const params = {

url: "https://api.revenuecat.com/v1/product_entitlement_mapping",

timeout: 5000,

headers: $request.headers

}

delete params["headers"]["x-revenuecat-etag"]

$httpClient.get(params, function(errormsg, response, data) {

if(errormsg) {

err(errormsg)

}

else{

mapping(data)

}

})

 

SSL pinning

SSL pinning is mechanism to stop sending response if traffic was capturing .

Recommendation: add SSL pinning to all app requests

icon

Best answer by Haley Pace 19 April 2024, 18:02

View original

This post has been closed for comments

1 reply

Userlevel 4
Badge +8

Hi, thank you for sharing this with us. We only accept vulnerability submissions via HackerOne: https://www.hackerone.com

If you submit a support ticket and share you HackerOne username or email address, we can invite you to the program in order to submit your vulnerability for review by our engineering team: https://app.revenuecat.com/settings/support