+ 2
Huge security issue in SoloLearn - discover now
Since Sololearn has NO CSRF, we can post things on peoples accounts without them knowing. Go to [code has been made private] And press RUN And it will post a code snippet on your account without you knowing [Edit Notes by David Carroll] Daniel Smilster Thanks for sharing this. I've removed the link and made the code private now that SoloLearn has been notified.
7 Réponses
+ 4
if this is true than you need to send an email to info@sololearn.com
+ 3
Ace I just sent them this post to follow up with to Levon
+ 3
Did you just rick roll us? I didn't know that was still a thing. LOL
Edit: I see, now that it does actually post things to our feed. Thanks for finding this exploit!
+ 2
I think you should private that code or remove it completely before someone else decide to use and abuse it.
+ 1
Jason Kennedy do you remember the profile name?
0
i seen someone doing this with rick roll already
0
Sololearn is the security issue itself. You can't fix a security issue if the whole plattform is one. Look at it. The servers of Sololearn aren't even properly configured. They throw unexpected errors all the time if you go on their website.