+ 11

Concept: SoloLearn Autoliker | Code section

Here with another question, I'm a SL user. I'd like to discuss a SoloLearn Autoliker using AJAX. Without further ado, here is the concept: when you click thumbs up on a code written by somebody else, a POST request is sent to https://code.sololearn.com:443/CodeVoting/ with the parameters codeId and vote. The parameter codeId represents the unique ID number of the code you're about to like and the vote parameter represents the number of votes (i.e. always 1). Taking advantage of the Code Section being in the same domain sololearn.com, I simply coded a liker in JS in which, if a viewer ran my code in the web code section, he/she would be in the thumbs up list without any interaction.

Regardless of all this, the point of my question is that the JS code doesn't run if I execute my code in the Android code section, with the console throwing a CORS exception. Can we tackle the problem and, if not, what are the reasons for the problem I encountered? And well, here is the code:

    <script>
    function autoLiker() {
      var xhttp = new XMLHttpRequest();
      xhttp.open("POST", "https://code.sololearn.com:443/CodeVoting/", true);
      xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
      xhttp.send("codeId=1301436&vote=1");
    }
    </script>

16th May 2017, 4:47 PM
NepZ
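On the defensive side, the situation described in the question (user-authored script sending the vote POST from the site's own origin) is usually closed by serving user code from a separate or sandboxed origin and having the endpoint check the Origin header plus a per-session token. The sketch below is an added example, not part of the original thread and not SoloLearn's code; the origins, the `x-csrf-token` header name and the session shape are assumptions.

```javascript
// Added example: guard for a state-changing endpoint such as a vote handler.
// Origins, header name and session shape are assumptions, not SoloLearn's API.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Compare two strings without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length === 0) return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  return diff === 0;
}

// Canonicalise an Origin header; "null" (sandboxed iframe, file://) and junk yield null.
function normalizeOrigin(value) {
  try {
    const origin = new URL(value).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// Returns { ok, reason }; reason names the first check that failed.
function checkVoteRequest(req, session) {
  if (req.method !== "POST") return { ok: false, reason: "method" };
  const origin = normalizeOrigin(req.headers["origin"] ?? "");
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) return { ok: false, reason: "origin" };
  const expected = session && session.csrfToken;
  if (!constantTimeEqual(req.headers["x-csrf-token"], expected)) return { ok: false, reason: "csrf" };
  return { ok: true, reason: null };
}

// Constructed sample data (not captured traffic).
const SESSION = { csrfToken: "constructed-token-7f3a" };
const SAMPLES = {
  appPage: { method: "POST", headers: { origin: "https://app.example.test:443", "x-csrf-token": "constructed-token-7f3a" } },
  userCodeOrigin: { method: "POST", headers: { origin: "https://usercode.example.test", "x-csrf-token": "constructed-token-7f3a" } },
  sandboxedFrame: { method: "POST", headers: { origin: "null" } },
  noToken: { method: "POST", headers: { origin: "https://app.example.test" } },
};

function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLES)) out[name] = checkVoteRequest(req, SESSION).reason;
  return out;
}
console.log(runSamples());
```

The origin check only separates the two cases once user-authored code no longer shares an origin with the pages that hold the session.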
9 Answers
+ 18
Do it with PHP "file_get_contents(URL)"...
16th May 2017, 6:22 PM
Valen.H. ~
+ 7
The big question is: does it work?
16th May 2017, 4:34 PM
MR Programmer
+ 7
@MR Programmer Yes, it does work in the web code section.
16th May 2017, 4:48 PM
NepZ
+ 6
@Serena Maybe. I'm taking advantage of the way they wrote it.
16th May 2017, 5:14 PM
NepZ
+ 6
@Andrew Yeah, it is possible to bruteforce, but IDs are not random. They're in a different range and the number of digits is different.
16th May 2017, 5:18 PM
NepZ
+ 5
@seamiki Yeah, I peeked over them a week earlier. They may fix these sorts of common vulnerabilities ASAP. They have no impact, so they're just common things with no risk.
16th May 2017, 5:32 PM
NepZ
+ 5
@ValentinHacker I was thinking of doing the same with cURL, but I think it's not going to work either. I'll try, thanks.
16th May 2017, 7:12 PM
NepZ
+ 3
Although inspiring and interesting, you may be pointing toward a direction that is clearly forbidden by the rules at the points AA (don't hack SL) and BB (don't use the SL API outside of the means provided by the SL App). https://code.sololearn.com/W4YS4qBbvkrZ/?ref=app It may be wise to ask them for permission before moving further.
16th May 2017, 5:26 PM
seamiki