LinkedIn has a subpage called Linked Learning. As you all know, LinkedIn is our online CV. On this 9th of September I took a Linkedin exam in a course.
Since I passed, LinkedIn offered me a few courses that you can only see for free in the image above 24 hours
Here I have noticed a strange behavior. I learned on LinkedIn and searched for other courses. I also noticed that there is no way to view the course 24 hours for free. i.e. Only the course you have suggested can be viewed for free for 24 hours.
I've monitored traffic to find out how suggested courses are unlocked for free for 24 hours and not for other courses. After spending some time monitoring traffic, you'll get a request like the following:
I saw a strange parameter in the URL like this: => lyndaCourse:
Therefore, I wondered why I should not replace the course ID of the free course with the course ID of the locked course.
Fortunately, I can get the course ID of the locked course by looking at the page source of the code with the parameter name
If a request to replace the unlocked course ID with the suspended course is unlocked, it will be unlocked for 24 hours.
My first thought was that there should be an indirect object reference vulnerability because there are literally no options to unlock the paid course for free.
Now again ** another strange behavior when analyzing the HTML source **
All videos were actually meida, d. H. They were only embedded with video tags that allowed downloading the videos with the right mouse button.
I reported them directly with screenshots and proof-of-concept videos and got this answer.
So I thought that they took this problem lightly and posted it on LinkedIn and tagged it.
You can see that I have shown in the post again with proof-of-concept video. Here's the link to the post that tweeted and tagged them to advise them, following the advice of other security researchers.
I sent it back with the link of the post and got this answer.
For a moment I thought it is no error and a known function But other security researchers say it's a mistake. As proof, I've also written an automated program that takes advantage of this error and downloads all paid courses for free, which is required for a month in large quantities. Below is a reference image of the program.
And still they say it's not a mistake. So my question is Is this an error or a known function or behavior?
If each course can be downloaded for free, what needs to be paid? If it is a mistake, please contact them. I tried to explain my level to you best.