Published on: May 20, 2020

Security Review (Programming Hub)

Recently, while scrolling through my LinkedIn feed, I saw that one of my batch-mates had started his Summer Internship at ProgrammingHub.

The name Programming Hub caught my attention, and as I am also a Developer who happens to know some programming languages, I decided to check what this was about.

So it is an online platform which teaches you programming and also has a subscription model where you can get premium content. I found it much like the MIMO App. I installed the Android version and signed up with my Google Account.

I must say that the UI was smooth and the UX was also damn good.
I checked out some course details, found them too basic, and then saw the typical 'Try Pro' icon on the toolbar. And at that moment, I said to myself, why not try some basic security attacks here!!

Note: I won’t be disclosing the names of the tools that I used.

I’ll say that the App does have some very basic defence coded internally, though it is not that strong. All they did was show a 'non-cancelable AlertDialog' to prevent potential hacking. How hard is it to get past that?

Did my things and voilà! Got the PRO Membership!

However, this is not even the most important thing! I have done a little bit of all this in the past too and I knew that this kind of hack is temporary.

I mean this kinda hack might not get out of the App environment, more like a sandboxed hack, because apps are mostly backed by a backend server which stores all the important info. But to my surprise, when I checked the website, I got Pro access there too.

Here’s some proof from the website –

The same happened on both the iOS and Android versions of the App. Premium content is subscription-based for only 1 Year, but check how long I got it for!
45 lonnnnnnnng years.
And all of this took, what, like 15/20 minutes!

Will be reporting this to their relevant team and I hope they fix it soon.

Update: I found some more issues in their platform which leaked some sensitive information.

All of that was reported to the team, and they will be fixing it soon…

And thanks to Programming Hub, I get to keep the Pro Membership, but I don’t know for how long though…

Darshan Pandya