
Vulnerability for Harry’s Bar iPhone App

Harry’s Bar made this iPhone app which allows its customers to win prizes when patronizing its premises.

It is possible to win the grand prize of a bucket of Harry’s Beer by doing a MITM using Burp or another proxy tool.

The server name is exhost.se. They did not prevent directory browsing on it.

Venues.xml looks interesting: it shows the probability of winning each prize as well as the IDs of the prizes.

By doing a MITM and changing the incoming ID to 6, you will be able to win a bucket of Harry’s Beer every single time.
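The flaw is that the prize shown in the app is whatever ID arrives in the response, with nothing tying it to the draw the server made. The sketch below is an added example, not code from the app or its server: it shows a server-side draw whose result is bound into an HMAC-signed, single-use voucher that is checked at redemption. The prize table (other than ID 6), the voucher fields and the shared key are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: secret held only by the server and the redemption terminal.
SERVER_KEY = secrets.token_bytes(32)

# Constructed prize table (IDs and weights are illustrative, except that the
# page names ID 6 as the bucket of beer). Kept server-side, never published.
PRIZES = {0: ("no win", 90), 3: ("soft drink", 9), 6: ("bucket of beer", 1)}


def draw_prize(rng=secrets.SystemRandom()):
    """Weighted draw performed on the server, not in the app."""
    ids = list(PRIZES)
    weights = [PRIZES[i][1] for i in ids]
    return rng.choices(ids, weights=weights, k=1)[0]


def issue_voucher(device_id, prize_id, ttl=900, key=SERVER_KEY):
    """Return a voucher whose prize ID is bound to an HMAC-SHA256 tag."""
    body = {"device": device_id, "prize": prize_id,
            "nonce": secrets.token_hex(8), "exp": int(time.time()) + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


_redeemed = set()  # nonces already used (a database table in practice)


def redeem(voucher, key=SERVER_KEY, now=None):
    """Verify at the bar: reject altered, expired or replayed vouchers."""
    body = voucher["body"]
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, voucher["tag"]):
        return "rejected: tampered"
    if (now or time.time()) > body["exp"]:
        return "rejected: expired"
    if body["nonce"] in _redeemed:
        return "rejected: replayed"
    _redeemed.add(body["nonce"])
    return PRIZES[body["prize"]][0]
```

A proxy can still change what the app displays, but a voucher whose prize ID was rewritten in transit no longer matches its tag and is refused at redemption.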
