Share
## https://sploitus.com/exploit?id=PACKETSTORM:163765
# Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR  
# Date: 2021-05-17  
# Exploit Author: captain_hook  
# Vendor Homepage: https://lifterlms.com  
# Software Link: https://lifterlms.com  
# Version: 4.21.1  
# Tested on: any  
  
Description  
  
The plugin was affected by an IDOR issue, allowing students to see other student answers and grades  
  
Proof of Concept  
  
- Add 2 users with Student role for the scenario .  
- Create A course With a quiz ( I picked True or Flase question for my quiz)  
- Set Enrol on Free ( for the ease of scenario )  
- Enrol into the Course with Student B and submit your answer to the Course .  
  
The plugin will give a token like :  
https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK  
To Check your answer was true or false.  
  
Now Login as a Student A and Enroll in the Course. You can just use  
the URL https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK  
and reach the Student B answer.  
  
Fixed in version 4.21.2โœ“  
  
References  
  
https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/