🔰 Bug exploitation for the Profi app. This is a simple Python script that automatically scans qr's emulating a user being at checkouts and getting 1% cahsback from current processed bill. (Not even being in the store) And so you can get peoples cashback to your account(s) just knowing some qr codes from checkouts.
Download App Here: Profi Android - Profi iOS
Clone the repository, install the dependencies
using pip install -r requirements.txt
and then create a file named config.json formated as sample.config.json with your data.
QR Codes
To add qr codes in config.json you need to scan the qr from the shop checkout and get the text from it that looks somethink like this https://qr.profi.ro/checkin?l=9000009999969, therefore you need to add only 9000009999969 to the "qrCodes" list in config.json.
Run the script using python main.py.
Issues For any errors you get, please try checking if the username and password is correct or the correct format of config. Otherwise, create an issue.
Long Term Exploaitation The app has a rate limit and will block you after a few requests. You can use a timer to run the script every 24 hours to claim the daily prizes and avoid being blocked.
Note: The script is not meant to be used for long term exploitation, as it is against the Profi app's terms of service. The following output means your has been blocked:
{
"name": "CheckInBlocked",
"message": "Check-in blocked for a member because of suspicious activity"
}
I am not responsible for any misuse of this script. Also please keep in mind that the Profi app is not a bug bounty program, so please do not use this script to exploit the app. This script is only for educational purposes.
Learn more about the Profi QR codes cahsback system here.