WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

2021.08.10
Credit: Captain_hook
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
# Date: 2021-05-17
# Exploit Author: captain_hook
# Vendor Homepage: https://lifterlms.com
# Software Link: https://lifterlms.com
# Version: 4.21.1
# Tested on: any

Description

The plugin was affected by an IDOR issue. A quiz result page is selected by the attempt_key query parameter alone, so a student who has another student's attempt_key can view that student's answers and grade.

Proof of Concept

- Add two users with the Student role (Student A and Student B) for the scenario.
- Create a course with a quiz (a True or False question is enough).
- Set enrollment to Free, for the ease of the scenario.
- Enroll Student B in the course and submit an answer to the quiz. The plugin returns a results URL carrying an attempt key, for example:
  https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK
  which shows whether the answer was true or false.
- Log in as Student A and enroll in the same course. Opening the same URL
  https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK
  as Student A shows Student B's answer.

Fixed in version 4.21.2

References

https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/
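The access decision the PoC exercises, as an added example in Python; this is not the plugin's code, and the page does not show how LifterLMS 4.21.2 implements its fix. The model contrasts three lookups against a constructed attempt store: the 4.21.1 behaviour (attempt selected by attempt_key alone), an enrollment-only check, which still passes for Student A because both students are enrolled in the same course, and an ownership check that ties the attempt to the logged-in user. All user IDs, the course ID 42 and the key "wYK" are constructed sample data.

```python
"""Model of the attempt_key IDOR: key selects the record, identity must authorize it."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class User:
    user_id: int
    role: str                       # "student", "instructor" or "admin"
    enrolled_courses: FrozenSet[int]


@dataclass(frozen=True)
class QuizAttempt:
    attempt_key: str
    student_id: int                 # owner of the attempt
    course_id: int
    answers: Dict[str, str]
    grade: float


class Forbidden(Exception):
    """Raised when the viewer may not see the attempt (or it does not exist)."""


# Constructed sample data mirroring the PoC: two students in the same free course.
STUDENT_A = User(user_id=11, role="student", enrolled_courses=frozenset({42}))
STUDENT_B = User(user_id=12, role="student", enrolled_courses=frozenset({42}))
INSTRUCTOR = User(user_id=2, role="instructor", enrolled_courses=frozenset())

ATTEMPTS: Dict[str, QuizAttempt] = {
    # Student B's attempt; the key is the one from the PoC URL (sample value).
    "wYK": QuizAttempt("wYK", student_id=STUDENT_B.user_id, course_id=42,
                       answers={"q1": "true"}, grade=100.0),
}


def get_attempt_vulnerable(attempt_key: str, viewer: User) -> Optional[QuizAttempt]:
    """4.21.1 behaviour as reported: the viewer is never consulted."""
    return ATTEMPTS.get(attempt_key)


def get_attempt_enrollment_only(attempt_key: str, viewer: User) -> QuizAttempt:
    """An insufficient fix: course enrollment is not ownership.

    In the PoC, Student A enrolls in the course before opening the URL, so
    this check still leaks Student B's attempt.
    """
    attempt = ATTEMPTS.get(attempt_key)
    if attempt is None or attempt.course_id not in viewer.enrolled_courses:
        raise Forbidden("not enrolled in this course")
    return attempt


def get_attempt_fixed(attempt_key: str, viewer: User) -> QuizAttempt:
    """Ownership check: the attempt must belong to the viewer.

    Instructors and admins are let through as graders; adjust to the real
    capability model. Missing and foreign attempts raise the same exception
    so the response does not confirm whether a key exists.
    """
    attempt = ATTEMPTS.get(attempt_key)
    if attempt is None:
        raise Forbidden("attempt not accessible")
    if attempt.student_id == viewer.user_id:
        return attempt
    if viewer.role in ("instructor", "admin"):
        return attempt
    raise Forbidden("attempt not accessible")


def leaked_to(attempt_key: str, viewer: User) -> Dict[str, bool]:
    """Summarise which lookup exposes the attempt to the given viewer."""
    result = {"vulnerable": get_attempt_vulnerable(attempt_key, viewer) is not None}
    for name, fn in (("enrollment_only", get_attempt_enrollment_only),
                     ("fixed", get_attempt_fixed)):
        try:
            fn(attempt_key, viewer)
            result[name] = True
        except Forbidden:
            result[name] = False
    return result


if __name__ == "__main__":
    print("Student A ->", leaked_to("wYK", STUDENT_A))
    print("Student B ->", leaked_to("wYK", STUDENT_B))
```

The takeaway for reviewing similar code: a random-looking key in the URL is a record selector, not an authorization decision; the handler still has to compare the record's owner with `get_current_user_id()` (or the equivalent) before rendering answers and grades.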


Copyright 2024, cxsecurity.com
