So firstly let me clear out that I am not posting this for people to not use license on immich and stuff although I don't agree with their licensing I don't care its just an idea I have and I wanna share with you. So the idea is, immich communicates with an API server (buy.immich.app) to get a key to license the server. The logic is really simple since they just do a simple web request, my idea is you could spoof the ip of buy.immich.app and point it to a simple python api which will mimick the official api giving a random license. Then you can simply go through the buy process but never finish it so immich will just get the license you gave it and activate it thinking it's legitimate. After you do this you block buy.immich.app and you have an activated immich server. Now you can freely roast my idea.
[link] [comments]
from hacking: security in practice https://ift.tt/PsT8ah2
Comments
Post a Comment