MacMillanExploit

The MacMillan e-learning platform is vulnerable to an exploit that allows a student to retrieve the answers before completing the exercise.

How it was discovered

By looking at the requests made by the client when submitting an exercise, I discovered that there is no validation to check if the student completed the exercise before sending a request for answers.

This allows an attacker (a student) to submit a request to the MacMillan website and get the answers in JSON format.
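The missing check, seen from the server side, as an added example that is not code from this repository or from the platform: an in-memory model of an answers endpoint without the check and with it. The class, method names and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


class AnswersDenied(Exception):
    """Raised when a student may not see the answer key yet."""


@dataclass
class ExerciseStore:
    # Constructed sample state; a real service would keep this in a database.
    answer_keys: dict = field(default_factory=dict)  # exercise_id -> {question: answer}
    enrolled: dict = field(default_factory=dict)     # exercise_id -> set of student ids
    submitted: set = field(default_factory=set)      # (student_id, exercise_id)

    def submit(self, student_id, exercise_id, responses):
        if student_id not in self.enrolled.get(exercise_id, set()):
            raise AnswersDenied("not enrolled")
        # Completion is recorded by the server, never taken from a client flag.
        self.submitted.add((student_id, exercise_id))
        key = self.answer_keys[exercise_id]
        return sum(1 for q, a in key.items() if responses.get(q) == a)

    def answers_unchecked(self, student_id, exercise_id):
        # Behaviour described above: the key is returned to any request.
        return self.answer_keys[exercise_id]

    def answers_checked(self, student_id, exercise_id):
        # Hardened: require enrolment and a server-recorded submission.
        if student_id not in self.enrolled.get(exercise_id, set()):
            raise AnswersDenied("not enrolled")
        if (student_id, exercise_id) not in self.submitted:
            raise AnswersDenied("exercise not completed")
        return self.answer_keys[exercise_id]


def demo():
    store = ExerciseStore(
        answer_keys={"ex1": {"q1": "b", "q2": "d"}},
        enrolled={"ex1": {"alice"}},
    )
    leaked = store.answers_unchecked("alice", "ex1")  # key returned before any submission
    try:
        store.answers_checked("alice", "ex1")
        denied_before = False
    except AnswersDenied:
        denied_before = True
    score = store.submit("alice", "ex1", {"q1": "b", "q2": "a"})
    return leaked, denied_before, score, store.answers_checked("alice", "ex1")
```

The checked path depends only on state the server wrote itself, so a client cannot unlock the key by altering its own request.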

How to do it

An in-depth guide is in the .pdf file.