WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

2021.08.10

Credit: Captain_hook

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
# Date: 2021-05-17
# Exploit Author: captain_hook
# Vendor Homepage: https://lifterlms.com
# Software Link: https://lifterlms.com
# Version: 4.21.1
# Tested on: any
Description
The plugin was affected by an IDOR issue, allowing students to see other student answers and grades
Proof of Concept
- Add 2 users with Student role for the scenario .
- Create A course With a quiz ( I picked True or Flase question for my quiz)
- Set Enrol on Free ( for the ease of scenario )
- Enrol into the Course with Student B and submit your answer to the Course .
The plugin will give a token like :
https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK
To Check your answer was true or false.
Now Login as a Student A and Enroll in the Course. You can just use
the URL https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK
and reach the Student B answer.
Fixed in version 4.21.2✓
References
https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.