I did this once too on a NodeJS app. The process was not as complicated as this. They had an exposed config.json file with all variables, including a "EXPIRES_IN". I bumped up that number to 999999, and Voila! I had unlimited subscription. I wrote the dev team, with screenshots, and the app was later rolled as a online web use only... 🤦🏿♂️
😁Thanks for sharing your experience, I hope you got a bug bounty from the developer for reporting that vulnerability 🧐. the scenario here is a little different, I routed all the requests from the app to the express server that I made by modifying the application library.
I did this once too on a NodeJS app. The process was not as complicated as this. They had an exposed config.json file with all variables, including a "EXPIRES_IN". I bumped up that number to 999999, and Voila! I had unlimited subscription. I wrote the dev team, with screenshots, and the app was later rolled as a online web use only... 🤦🏿♂️
😁Thanks for sharing your experience, I hope you got a bug bounty from the developer for reporting that vulnerability 🧐. the scenario here is a little different, I routed all the requests from the app to the express server that I made by modifying the application library.
genius