Duoling bug report and further improvements

content/blog/apprentice/handlebars.en.md

@@ -67,8 +67,6 @@ This script is running on this page;
 
 {{< highlight js >}}{{% asset "apprentice/handlebars.js" %}}{{< /highlight >}}
 
-### Output
-
 {{< raw >}}
 <div id='example-out'></div>
 <!-- <script src='https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.slim.min.js'></script> -->

content/blog/apprentice/jquery.en.md

@@ -0,0 +1,12 @@
+---
+date: 2022-06-07T14:42:48Z
+draft: true
+aliases: []
+categories: ['various']
+series: []
+tags: ['various']
+chroma: false
+toc: true
+title: Jquery
+description: 
+---

content/blog/duolingo-xp-exploit.en.md

@@ -0,0 +1,37 @@
+---
+date: 2022-06-07T22:11:49Z
+draft: false
+aliases: []
+categories: ['exploit']
+series: ['hacking']
+tags: ['bug']
+chroma: false
+toc: true
+title: Duolingo Xp Exploit
+description: I found a bug in the Duoling app for iOS that let's super/pro users instantly complete speaking only lessons.
+---
+
+{{< raw >}}
+<style>video { float: right; }</style>
+<video width='27%' autoplay controls loop muted>
+  <source src='/duolingo-xp-exploit.mp4' type='video/mp4'>
+  <b>Your browser does not support the video tag!</b>
+</video>
+{{< /raw >}}
+
+It's possible for super/pro users to instantly complete speaking only lessons on iOS.
+
+## How to reproduce
+
+1. Make sure the Duoling app does *not* have microphone access.
+2. Start a round of "Perfect Pronunciation" in the "Practice Hub".
+3. Click continue and when prompted for microphone access, just click cancel.
+4. Profit. (Instant perfect lesson!)
+
+## Summary
+The bug here seems to be that the iOS prompt for *possibly* taking the user to the apps permissions in settings, but rather does nothing.
+Later we do actually get that iOS prompt on the first lesson.
+The Duoling app skips all the speaking lessons as it usually would when denied microphone access.
+But this of course is a big problem when all the lessons are speaking lessons.
+
+The end result is an *almost* instant perfect lesson!~