When a response from a valid coupon comes back from the web server, the SinVR app unlocks the content specified in the response, allowing it to be selected from the menu. These are invalidCode, expiredCode and unlimited. Looking though the code, it looked like there were three types of valid responses from the server when a coupon is submitted. We quickly located this feature in the application.
SINVR LOGIN PORNBB CODE
Whilst decompiling the application, we noticed a section of code that dealt with coupons. net is significantly easier to reverse than 圆4, we decided to start there. net assemblies in one of the directories. We wanted to find out whether this was true and to see whether we could set the state to “purchased”.Īlthough the main application is a 圆4 program, there were a number of. Looking though the results we were unable to see anything that set content to available/forbidden which lead us to believe the check was performed locally within the application itself. To try and answer this question, we started a proxy server to capture the network traffic.
SINVR LOGIN PORNBB SOFTWARE
however we hope that this article will help anyone developing software to be aware of any client side validation used to protect content.ĭuring the initial review of this application, we noticed a lot of content was set to “forbidden” within the application with only one sample available for free.Īny experienced penetration tester or hacker would ask themselves “how does the app know what is available to the user and what isn’t?”. It’s likely other avenues to view content exist. This vulnerability would allow users to unlock all (paid) content in the application. Initially, inVR said they were not interested in fixing this vulnerability however, after reading an initial draft of this post they asked for two weeks to fix the issue. During our research, we noticed another interesting vulnerability but as customer details were not at risk, we decided to wait before publishing this post. In December, we raised an issue with inVR (the company behind the adult VR application - SinVR) where a vulnerability allowed us to view some details of customers that were using the application. Hacking SinVR for Fun and Profit and Free Adult Content
0 kommentar(er)
