IDEAS about a possible exploit.
#This article is a project for educational purposes only. I am not responsible for any actions YOU decide to take after reading this information.
Ideas are not Illegal (In America at least).
I got bored one day and decided to inspect element, and this led me down a rabbit hole to discover how the Membean service works. Well, it turns out to be pretty rudimentary. At least simple enough for me to understand. If you aren't familiar with the Membean service, it is a service that helps you learn new vocab words using simple 4-choice answers. So it turns out that Membean does this answer check locally. This means it's open to manipulation by unscrupulous individuals. In theory an individual could snatch the request packet before it hits the servers and change their answer to being correct. But of course this would be in violation of the Membean user agreement, Section: 8.1 Chapter: (C) https://membean.com/agreement
In THEORY a user would download a program such as OWASP ZAP. https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
This program could be used to create a rule to replace certain elements in the request body, such as the form's "Pass" value. In theory this could be changed from False to True automatically using a program such as OWASP ZAP. View the video in the project to learn more of what I mean. I have also attached an example of what a script could look like.
That's all I really have to say on the matter.
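
From the defender's side, the weakness described above is a server that trusts a client-supplied "Pass" value. The sketch below is an added example, not Membean's code and not part of this project: it grades from a server-side answer key, ignores the client's "pass" field for the result, and uses a mismatch only as a tamper signal. The field names `question_id`, `choice` and `token`, the answer key and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the answer key never leaves the server.
ANSWER_KEY = {"q1": "b", "q2": "d"}
SERVER_SECRET = secrets.token_bytes(32)  # hypothetical per-deployment secret


def issue_token(session_id: str, question_id: str) -> str:
    """Bind a served question to the session it was served to."""
    msg = f"{session_id}:{question_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def grade(session_id: str, form: dict) -> dict:
    """Grade an untrusted request body using server-side state only.

    A client-supplied "pass" field never decides the result. It is only
    compared with the server's own verdict to raise a signal for logging.
    """
    qid = str(form.get("question_id", ""))
    token = str(form.get("token", "")).encode()
    expected = issue_token(session_id, qid).encode()
    if qid not in ANSWER_KEY or not hmac.compare_digest(token, expected):
        # Unknown question or a token not issued to this session: reject.
        return {"accepted": False, "correct": False, "tamper_suspected": True}
    correct = form.get("choice") == ANSWER_KEY[qid]
    claimed = str(form.get("pass", "")).lower() == "true"
    # Client says "passed" but the submitted choice is wrong: likely edited.
    return {"accepted": True, "correct": correct,
            "tamper_suspected": claimed and not correct}


if __name__ == "__main__":
    tok = issue_token("session-1", "q1")
    print(grade("session-1", {"question_id": "q1", "token": tok,
                              "choice": "a", "pass": "True"}))
```

With this design, rewriting the "pass" field in transit changes nothing about the recorded score and leaves a log entry instead.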