Loophole in e-learning platforms

Hi readers!

I am Akhil, a student and Bug Bounty hunter. Today I would like to share one of my finding that I came across in almost all the e-learning platforms.

I’m sure most of the researchers are already aware of this loophole/issue. Some of them might have already reported it to some well known e-learning platforms through their public bugbounty/responsible disclosure programs.

But,

According to one of the popular e-learning platform this is not a considerable issue/intended behaviour/out-of-scope etc., because of many reasons like

Let’s get started ::

[This issue exists only in e-learning platforms which provide pre-recorded courses]

E-Learning platforms consists of huge no.of courses which occupies lot of storage. So, they will store all the course videos in separate subdomain or S3 Bucket or external content storage services like vimeo, mostly such kind of subdomains are named as video-cdn.redacted.com , video-storage.redacted.com etc.,

Almost all the e-learning platforms which provide pre-recorded courses are implementing the same functionality —

If a user clicks on particular video, the implemented logic fetches the location at which that particular video is stored in the separate subdomain and then a GET request is made to that particular URL to play the video.

PHASE 1

You should get access to the course. I don’t want to tell you guys how to get access to the course for sometime[without actually loosing your money]. Just use your brain. you will definitely get an idea about how to do that.