Khan Academy: S3 bucket takeover [learn2.khanacademy.org]

The subdomain learn2.khanacademy.org was pointed to Amazon S3, but no bucket with that name was registered learn2.khanacademy.org. This meant that anyone could sign up for Amazon S3, claim the bucket as their own and then serve content. Steps to reproduce Check the following url:...

Khan Academy: Access to alerta.khanacademy.org leak sensitive data

Hi , I found to access https://alerta.khanacademy.org/ using signup bypass.That leak access to sensitive data of khanacademy.org Step To Reproduce: 1. Go to https://alerta.khanacademy.org//signup 2. Inspect Q and remove ng-hide F1121291 3. You got Signup Form. Signup account using...