Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning`
Medium
LinkedIn
Team Summary
Official summary from LinkedIn
The researcher reported an Insecure Direct Object Reference (IDOR) allowing an attacker to extract information about Learning Groups that is disclosed only to paid subscribers of the course.
Reported by: find_me_here
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Insecure Direct Object Reference (IDOR)