Business Logic bugs: Bypassing Ilovepdf's paywall

Intro

This article details how I bypassed the paywall in Ilovepdf’s mobile application on the number of daily PDF processing tasks possible, and explains the specific vulnerability type involved: “business logic”.

Story Time

A couple of days ago, I was helping my mom do some clerical work with PDFs (because I’m the good child and my siblings are useless). Being stuck on an unfamiliar device with none of the apps that I’m used to, I took a quick glance at the Play Store and downloaded the first app that looked like it didn’t have malware in it (as the competent security professional that I am....

December 8, 2021 · 3 min · 5hyl0ck