Sec. Review (Programming Hub)

Recently, while scrolling through my LinkedIn feed, I saw that one of my batch-mates had started his summer internship at ProgrammingHub.

The name Programming Hub caught my attention, and as I am also a Developer who happens to know some programming languages, I decided to check what was this about.

Okay,
So it is an online platform which teaches you programming and also has a subscription model where you can get premium content. I found it much like MIMO App. I installed the Android version and signed up with my Google Account.

I must say, that the UI was smooth and the UX also damn good.
Checked out some course details, found them too basic and then there I see the typical 'Try Pro' icon on the toolbar. And at that moment, I said to myself why not try some basic security attacks here!!

I'll say that the App does have some very basic defence coded internally, however not that strong. All they did was show a 'non-cancelable AlertDialog' to prevent potential hacking. How hard to go pass through that?

Did my things and voilà! Got the PRO Membership!

However, this is not even the most important thing! I have done a little bit of all this in the past too and I knew that this kind of hack is temporary.

I mean this kinda hack might not get out of the App environment, more like a sand-boxed hacked because apps are mostly backed by a backend server which stores all the important info. But to my surprise, when I checked the website, I got a Pro access there too.

Here's some proof from the website –

The same happened on both iOS and Android version Apps. Premium content is subscription based only for 1 Year but check for how long I got it!
45 Years lonnnnnnnng years.
And all of this took what like, 15/20 minutes.!

Will be reporting this to their relevant team and I hope they fix it soon.