Coursera: logic bug in certificate validation
Hi, it has been a while since my last post :D Today I have come back with a new topic on this blog: bug bounty (even though I still have no significant bounty to show for it). I will try my best to pull this blog back to life :))) Before anything, I want to say that this post and the ones that follow are just to share my bug-finding stories for knowledge and for fun; they are not meant to offend anyone or any organization. So okay, let's go.
Context #
So it is that time of year again when I continue my cert-farming period. I decided to go back to the Google (GG) Data Analytics certificate, which I had started two years ago when I had just gotten into uni. I applied for financial aid back then and got accepted, but laziness struck and I left the course unfinished until a couple of days ago. And from finishing it, I found a business logic bug :D Not so critical, but it's fun tho :)))
Reproduce #
So, speedrunning to the moment I tried to submit the module assignment needed to qualify for the certificate: I hit one problem. It required me to subscribe before I could submit, since my financial aid had expired years ago:
So to get the cert, I accepted that I would have to sacrifice some money, and clicked "Subscribe" to open the Coursera payment page:
And since I suffer from ADHD, I forgot to complete the payment and wandered off somewhere. When I came back, the quiz timer had run out (40-minute limit):
And here is where the magic is! As you can see, the quiz was automatically submitted, my answers were graded, and I was credited with completing the module, something that should not happen without a subscription or financial aid. In other words, the entitlement check is only enforced on the manual "Submit" action; the auto-submit that fires when the timer expires skips it entirely:
To confirm, I even received the certificate by email:
Using this bug, I completed the entire course except the last module, because I reported it before finishing and the dev team fixed it :))) How dumb of me.
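To make the bug class concrete, here is a small sketch I added for this post. It is not Coursera's code; the class names, the 40-minute limit wiring, the 80% pass mark and the answer key are all my assumptions. It models two ways a quiz can be submitted (the learner pressing the button, and the server timer running out), shows the entitlement check living only in the button path, and then the fix: put the check in the one function that records a result, so every path goes through it.

```python
"""
Added example, not Coursera's code: a minimal model of the "timer-expiry
auto-submit skips the subscription check" pattern. All names are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class NotEntitled(Exception):
    """Raised when a learner may not submit graded work."""


@dataclass
class Learner:
    name: str
    subscribed: bool = False
    # Hypothetical: when financial aid expires; None means none was ever granted.
    financial_aid_until: Optional[datetime] = None

    def is_entitled(self, now: datetime) -> bool:
        if self.subscribed:
            return True
        return self.financial_aid_until is not None and now < self.financial_aid_until


@dataclass
class QuizAttempt:
    learner: Learner
    answers: dict
    started_at: datetime
    time_limit: timedelta = timedelta(minutes=40)
    graded_score: Optional[float] = None
    module_completed: bool = False


ANSWER_KEY = {"q1": "b", "q2": "d", "q3": "a"}  # constructed sample key
PASS_MARK = 0.8                                  # assumed pass threshold


def grade(answers: dict) -> float:
    correct = sum(1 for q, a in ANSWER_KEY.items() if answers.get(q) == a)
    return correct / len(ANSWER_KEY)


def _record(attempt: QuizAttempt) -> None:
    """Grade and mark the module complete. No entitlement check here."""
    attempt.graded_score = grade(attempt.answers)
    attempt.module_completed = attempt.graded_score >= PASS_MARK


# --- vulnerable: the check guards the button, not the timer -----------------
def vulnerable_submit(attempt: QuizAttempt, now: datetime) -> None:
    if not attempt.learner.is_entitled(now):
        raise NotEntitled("subscribe to submit")
    _record(attempt)


def vulnerable_on_timeout(attempt: QuizAttempt, now: datetime) -> None:
    # Fires when the clock runs out; nobody re-checks entitlement on this path.
    if now - attempt.started_at >= attempt.time_limit:
        _record(attempt)


# --- fixed: the check sits in the single function that records a result ----
def fixed_record(attempt: QuizAttempt, now: datetime) -> None:
    if not attempt.learner.is_entitled(now):
        # The answers are kept (a timeout should not lose the learner's work),
        # but nothing is graded and nothing is granted.
        raise NotEntitled("subscribe to submit")
    _record(attempt)


def fixed_submit(attempt: QuizAttempt, now: datetime) -> None:
    fixed_record(attempt, now)


def fixed_on_timeout(attempt: QuizAttempt, now: datetime) -> None:
    if now - attempt.started_at >= attempt.time_limit:
        fixed_record(attempt, now)


def demo() -> dict:
    """Replay the story: aid expired years ago, no subscription, timer runs out."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    lazy = Learner("me", financial_aid_until=t0 - timedelta(days=700))
    answers = {"q1": "b", "q2": "d", "q3": "a"}
    later = t0 + timedelta(minutes=41)

    vuln = QuizAttempt(lazy, answers, started_at=t0)
    try:
        vulnerable_submit(vuln, later)
        manual_blocked = False
    except NotEntitled:
        manual_blocked = True
    vulnerable_on_timeout(vuln, later)  # grades and completes anyway

    fixed = QuizAttempt(lazy, answers, started_at=t0)
    try:
        fixed_on_timeout(fixed, later)
        timeout_blocked = False
    except NotEntitled:
        timeout_blocked = True

    return {
        "manual_blocked": manual_blocked,
        "vuln_timeout_completed": vuln.module_completed,
        "fixed_timeout_blocked": timeout_blocked,
        "fixed_timeout_completed": fixed.module_completed,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the fix is not the extra `if`, it is where it lives: any authorization check that is attached to a UI action instead of the state transition it protects will be bypassed by every other path that reaches the same transition (timers, background jobs, retries, API calls).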
And here is a video to confirm:
Report #
The reporting phase was kind of hard for me, since this is only my second bug (I will write about the first one soon, because it is more complicated than this one). I reported it to their bounty team three times. The first time, they just closed it and labeled it N/A; I asked why but got no further response hehe. Not accepting this, I prepared to submit once more. The second time was my own fault: the report was misconfigured, so I closed it immediately.
And third time's a charm: I submitted successfully and finally got a response from them. They said that
Thanks again for the report. <something...> As part of our ongoing updates, timed quizzes are being phased out, and after careful evaluation, we have determined that the associated risk is minimal. Thanks again and hope you'll keep enjoying learning with Coursera.
So it is a known issue (arrrrrrg, if it's known then why no fixxxx) and the impact is minimal, but I don't care much about that ehhe; it was fun to discover either way. Anyway, to be honest, I think this deserves at least a Medium, or better, hehe, just saying.
Lastly, thank you for reading; if anything is incorrect or doesn't match up, tell me :D !