+ 2

Huge security issue in SoloLearn - discover now

Since Sololearn has NO CSRF, we can post things on peoples accounts without them knowing. Go to [code has been made private] And press RUN And it will post a code snippet on your account without you knowing [Edit Notes by David Carroll] Daniel Smilster Thanks for sharing this. I've removed the link and made the code private now that SoloLearn has been notified.

11th Jul 2019, 8:04 PM
Daniel Smilster
7 Réponses
+ 4
if this is true than you need to send an email to info@sololearn.com
11th Jul 2019, 8:32 PM
BroFar
BroFar - avatar
+ 3
Ace I just sent them this post to follow up with to Levon
11th Jul 2019, 8:38 PM
BroFar
BroFar - avatar
+ 3
Did you just rick roll us? I didn't know that was still a thing. LOL Edit: I see, now that it does actually post things to our feed. Thanks for finding this exploit!
12th Jul 2019, 5:31 AM
Chris Coder
Chris Coder - avatar
+ 2
I think you should private that code or remove it completely before someone else decide to use and abuse it.
12th Jul 2019, 5:35 AM
Chris Coder
Chris Coder - avatar
+ 1
Jason Kennedy do you remember the profile name?
12th Jul 2019, 4:49 PM
Chris Coder
Chris Coder - avatar
0
i seen someone doing this with rick roll already
12th Jul 2019, 9:10 AM
Jason Kennedy
0
Sololearn is the security issue itself. You can't fix a security issue if the whole plattform is one. Look at it. The servers of Sololearn aren't even properly configured. They throw unexpected errors all the time if you go on their website.
25th Jul 2019, 3:09 PM
N00B