You know what, Muhammad? You were actually right to push on this.
Your comment made me run an audit on the codebase, and I actually found a critical IDOR vulnerability. The backend was validating the Stripe payment status, but not tying the sessionId to the specific URL requested. Someone could have used one $4.99 payment to infinitely unlock reports for any URL.
It's patched and secured at the server level now.
Good instincts. Seriously. And keep up the good work with Rust and your LibreUI project, that's impressive for 15.
solskede|5 days ago